Cyber Posture

CVE-2026-39815

Severity: High

Published: 14 April 2026
Modified: 20 April 2026
KEV Added: not listed
Patch: Fortinet PSIRT advisory FG-IR-26-119
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (7.9th percentile)
Risk Priority: 18 (weighting 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-39815 is a high-severity SQL injection (CWE-89) vulnerability in Fortinet FortiDDoS-F. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 7.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and Command and Scripting Interpreter (T1059). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Requires timely identification, reporting, and correction of system flaws such as this SQL injection vulnerability through vendor-provided patches, as detailed in the Fortinet advisory.

SI-10 Information Input Validation (prevent)

Directly mandates validation of information inputs such as crafted HTTP requests to neutralize special elements and prevent SQL injection attacks.

Security advisory monitoring (prevent; the control ID is not given on this page, the description matches SI-5 Security Alerts, Advisories, and Directives)

Ensures monitoring and implementation of security advisories such as Fortinet PSIRT FG-IR-26-119 to address known vulnerabilities promptly.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

The SQL injection sits in the public-facing FortiDDoS-F web interface, so it is reached remotely through crafted HTTP requests against the application (T1190). The NVD description states that it may allow execution of unauthorized code or commands, which is why T1059 is mapped as well; the page does not describe how injected SQL reaches a command interpreter on the appliance, so the T1059 mapping follows the NVD wording rather than a documented exploitation chain.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow an attacker to execute unauthorized code or commands via sending crafted HTTP requests.

Deeper analysis

CVE-2026-39815 is an SQL injection vulnerability (CWE-89) affecting Fortinet FortiDDoS-F versions 7.2.1 through 7.2.2. It arises from improper neutralization of special elements used in an SQL command, which may allow an attacker to execute unauthorized code or commands via crafted HTTP requests. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

An attacker holding a low-privileged account on the appliance (PR:L) can exploit this vulnerability remotely over the network without any user interaction. By sending specially crafted HTTP requests, the attacker can inject SQL into a server-side query, which the NVD description says may lead to unauthorized code or command execution on the affected system. The scope is unchanged (S:U), so the rated impact is confined to the FortiDDoS-F system itself, but with C:H/I:H/A:H that still amounts to full compromise of the appliance's data and function. Note that neither this page nor the NVD description names the vulnerable endpoint, parameter or query.

Mitigation details are provided in the Fortinet PSIRT advisory FG-IR-26-119, available at https://fortiguard.fortinet.com/psirt/FG-IR-26-119.
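The following is an added illustration, not FortiDDoS-F code and not taken from the Fortinet advisory: since the page does not name the vulnerable endpoint, parameter or query, the /report endpoint, the policy parameter, the policy table and its secret column are all assumptions. It shows the weakness class described above (CWE-89 reached through a crafted HTTP request by an authenticated low-privilege user, matching PR:L) and why the SI-10 control matters: the same request is run against a handler that splices request text into SQL, one that binds it as a parameter, and one that also allowlist-validates the input before it reaches the database.

```python
"""CWE-89 via a crafted HTTP request, and the SI-10 style fix.

Added illustration only: NOT FortiDDoS-F code. The endpoint, parameter, table and
columns below are assumptions; the real query behind CVE-2026-39815 is not public
on the page this example accompanies.
"""
import re
import sqlite3
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample data standing in for an appliance's per-user policy table.
SCHEMA = """
CREATE TABLE policy (id INTEGER PRIMARY KEY, name TEXT, owner TEXT, secret TEXT);
INSERT INTO policy VALUES (1, 'web-frontend', 'alice', 'secret-a');
INSERT INTO policy VALUES (2, 'dns-edge',     'bob',   'secret-b');
INSERT INTO policy VALUES (3, 'vpn-gw',       'alice', 'secret-c');
"""

# Constructed request lines: a benign lookup and the crafted one an attacker sends.
BENIGN_REQUEST = "GET /report?policy=dns-edge HTTP/1.1"
CRAFTED_REQUEST = (
    "GET /report?policy="
    + quote("' UNION SELECT secret, owner FROM policy --")
    + " HTTP/1.1"
)

# Allowlist for the assumed 'policy' parameter (SI-10: validate before any use).
POLICY_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def policy_param(request_line: str) -> str:
    """Return the percent-decoded 'policy' query parameter of a request line."""
    target = request_line.split(" ", 2)[1]          # "/report?policy=..."
    return parse_qs(urlsplit(target).query).get("policy", [""])[0]


def lookup_vulnerable(conn, request_line, user):
    """Vulnerable pattern: request text is spliced straight into the SQL string.
    'user' is the authenticated low-privilege account (CVSS PR:L); 'request_line'
    is attacker-controlled."""
    name = policy_param(request_line)
    sql = f"SELECT name, owner FROM policy WHERE owner = '{user}' AND name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, request_line, user):
    """Parameterised query: the value travels as data, never as SQL syntax."""
    name = policy_param(request_line)
    sql = "SELECT name, owner FROM policy WHERE owner = ? AND name = ?"
    return conn.execute(sql, (user, name)).fetchall()


def lookup_hardened(conn, request_line, user):
    """SI-10 plus parameterisation: reject anything outside the allowlist first,
    then bind the value. Raises ValueError for a rejected input."""
    name = policy_param(request_line)
    if not POLICY_NAME.fullmatch(name):
        raise ValueError(f"rejected policy name: {name!r}")
    return conn.execute(
        "SELECT name, owner FROM policy WHERE owner = ? AND name = ?", (user, name)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("benign        :", lookup_vulnerable(db, BENIGN_REQUEST, "bob"))
    # The crafted request returns every user's secret: the C:H outcome.
    print("injected      :", lookup_vulnerable(db, CRAFTED_REQUEST, "bob"))
    print("parameterised :", lookup_parameterised(db, CRAFTED_REQUEST, "bob"))
    try:
        lookup_hardened(db, CRAFTED_REQUEST, "bob")
    except ValueError as err:
        print("hardened      :", err)
```

The parameterised handler alone already neutralises the payload (it becomes a harmless literal and matches no row); the allowlist is kept as the second layer because it fails closed on inputs the query layer was never meant to see, which is the behaviour SI-10 asks for.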

Details

CWE(s)

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected Products

fortinet / fortiddos-f
7.2.1 — 7.2.3 as listed in the product data. The NVD description names 7.2.1 through 7.2.2, which agrees with this range only if its upper bound is exclusive; confirm the exact affected and fixed builds against the Fortinet advisory FG-IR-26-119 before relying on either figure.

CVEs Like This One

CVE-2025-59922 (same vendor: Fortinet)
CVE-2026-21643 (same vendor: Fortinet)
CVE-2025-61848 (same vendor: Fortinet)
CVE-2024-54026 (same vendor: Fortinet)
CVE-2025-49784 (same vendor: Fortinet)
CVE-2025-25257 (same vendor: Fortinet)
CVE-2024-55597 (same vendor: Fortinet)
CVE-2024-52960 (same vendor: Fortinet)
CVE-2024-35275 (same vendor: Fortinet)
CVE-2026-40688 (same vendor: Fortinet)

References

Fortinet PSIRT advisory FG-IR-26-119: https://fortiguard.fortinet.com/psirt/FG-IR-26-119