Critical Vulnerabilities in Fortinet FortiSandbox
Summary
CSA has issued Alert AL-2026-038 advising users to immediately update FortiSandbox products following the discovery of critical vulnerabilities CVE-2026-39808 and CVE-2026-39813. CVE-2026-39808 is an OS command injection vulnerability potentially allowing unauthenticated remote code execution via crafted HTTP requests. CVE-2026-39813 is an authentication bypass vulnerability in the FortiSandbox JRPC API. Affected versions include FortiSandbox 4.4.0 through 4.4.8 and FortiSandbox 5.0.0 through 5.0.5.
What changed
CSA issued a critical security alert on 16 April 2026 regarding two vulnerabilities in Fortinet FortiSandbox: CVE-2026-39808 (OS command injection allowing remote code execution) and CVE-2026-39813 (authentication bypass in the JRPC API). Both vulnerabilities permit exploitation by unauthenticated attackers via specially crafted HTTP requests.
Organizations using FortiSandbox products must immediately update to the latest versions to remediate these vulnerabilities. Failure to patch could expose systems to remote compromise, data exfiltration, or unauthorized system access. Security teams should prioritize this update and verify that all affected product instances across their infrastructure have been patched.
What to do next
- Update FortiSandbox to the latest versions immediately
- Identify and patch all affected FortiSandbox installations
- Monitor for updates from Fortinet regarding additional patches
Archived snapshot
Apr 16, 2026. GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Critical Vulnerabilities in Fortinet Product
16 April 2026
Fortinet has released software updates addressing vulnerabilities in FortiSandbox. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
Fortinet has released software updates addressing vulnerabilities (CVE-2026-39808 and CVE-2026-39813) in FortiSandbox.
Impact
CVE-2026-39808: Successful exploitation of this OS command injection vulnerability could allow an unauthenticated attacker to execute unauthorized arbitrary code or commands via specially crafted HTTP requests.
CVE-2026-39813: Successful exploitation of this vulnerability could allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests in the FortiSandbox JRPC API.
Affected Products
The following product versions are affected by the vulnerabilities.
For CVE-2026-39808:
- FortiSandbox 4.4: 4.4.0 through 4.4.8
For CVE-2026-39813:
- FortiSandbox 5.0: 5.0.0 through 5.0.5
- FortiSandbox 4.4: 4.4.0 through 4.4.8
Recommendation
Users and administrators of affected products are advised to update to the latest versions immediately.
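To help identify affected installations, the following added example (not part of the CSA alert or any Fortinet tooling) checks an inventory of `hostname,version` lines against the affected ranges listed above. The inventory format, the hostnames and the bucket names are assumptions; a version outside the listed ranges is reported only as not listed in this alert.

```python
import re

# Affected ranges as listed in this alert (inclusive at both ends).
AFFECTED = {
    "CVE-2026-39808": [((4, 4, 0), (4, 4, 8))],
    "CVE-2026-39813": [((5, 0, 0), (5, 0, 5)), ((4, 4, 0), (4, 4, 8))],
}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) found in a version string, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def affected_cves(version_text):
    """Sorted CVE ids whose range contains the version; None if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return None
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(low <= version <= high for low, high in ranges))

def triage(inventory_lines):
    """Split 'hostname,version' lines into patch / not_listed / review buckets."""
    report = {"patch": {}, "not_listed": [], "review": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        cves = affected_cves(version_text)
        if cves is None:
            report["review"].append(host.strip())   # version missing or unreadable
        elif cves:
            report["patch"][host.strip()] = cves
        else:
            report["not_listed"].append(host.strip())
    return report

# Constructed sample inventory (hostnames and version strings are invented).
SAMPLE = [
    "fsa-lab-01,4.4.6", "fsa-dmz-02,v5.0.3 build0123",
    "fsa-hq-03,5.0.6", "fsa-old-04,unknown",
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(bucket, hosts)
```

Hosts in the `review` bucket have no readable three-part version and need a manual check before they can be ruled out.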
References
https://www.fortiguard.com/psirt/FG-IR-26-100
https://www.fortiguard.com/psirt/FG-IR-26-112
https://www.securityweek.com/fortinet-patches-critical-fortisandbox-vulnerabilities/
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CSA.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.