CVE-2026-39808CRITICAL 9.8EPSS p99.2%

CVE-2026-39808CVE-2026-39808

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS66.17% probability of exploitation · percentile 99.2% · 2026-06-18T12:00:27Z
Published2026-04-14
Last modified2026-04-22

Underlying weaknesses· 1

CWE-78

References

  1. https://fortiguard.fortinet.com/psirt/FG-IR-26-100
  2. https://github.com/samu-delucas/CVE-2026-39808

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-25089
CVE
CVE-2025-53949
CVE
CVE-2025-53679
CVE
CVE-2026-39813
CVE
Fortinet FortiWeb OS Command Injection Vulnerability
CVE
CVE-2025-64155
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.