CVE-2026-39812

CVE Database · CVE-2026-39812

CVE-2026-39812

· MEDIUMAnalyzed

CVSS v3.1

4.8

EPSS

0.19%

Published

Apr 14, 2026

Modified

Apr 21, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (7)

fortinet · fortisandboxvulnerable

fortinet · fortisandbox (up to 4.4.9)vulnerable

fortinet · fortisandbox (up to 5.0.6)vulnerable

fortinet · fortisandbox_cloudvulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-26-110

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs