CVE-2026-39808

CRITICAL · 9.8 EPSS 66.2%

hype LIKELY HACK · 78 hack

Active exploitation claimed by multiple sources; honeypot detections cited; April patch confirms vendor response; KEV absence prevents higher score.

What: OS command injection in Fortinet FortiSandbox 4.4.0–4.4.8 enabling unauthenticated code execution (CVSS 9.8 critical, EPSS 0.66 high).

Why it matters: Multiple security vendors and honeypot operators report active exploitation of CVE-2026-39808 in the wild alongside two related FortiSandbox flaws. Fortinet patched in April 2026. No KEV listing yet, but credible defender signals (Defused, SOCRadar) confirm attack attempts. High EPSS and CVSS reinforce urgency.

Where it's seen: Security news outlets (Help Net Security, The Hacker News), threat intel platforms citing honeypot detections, multilingual coverage signaling broad awareness. Grouped with CVE-2026-39813 and CVE-2026-25089 in coordinated exploitation campaigns.

RISK: CRITICAL — OS command injection, unauthenticated, CVSS 9.8, confirmed in-the-wild exploitation reported.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/17/2026, 9:09:31 AM

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVSS 3.1 breakdown

Exploitability 3.9 · Impact 5.9

vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack vector: Network
Complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected versions

fortinet/fortisandbox
- 4.4.0 – 4.4.9

Weaknesses

CWE-78

Vendors

fortinet

Products

fortisandbox

References

Other · 1

https://github.com/samu-delucas/CVE-2026-39808