FortiSandbox XSS in Web Page Generation (5.0.5)
CVE-2026-39812 Published on April 14, 2026
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
Vulnerability Analysis
CVE-2026-39812 is exploitable with network access, and requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2026-39812 has been classified as an XSS vulnerability or weakness.
Products Associated with CVE-2026-39812
Affected Versions
Fortinet FortiSandbox:
- Version 5.0.0, <= 5.0.4 is affected.
- Version 4.4.0, <= 4.4.8 is affected.
- Version 4.2.1, <= 4.2.8 is affected.
- Version 5.0.0, <= 5.0.5 is affected.
- Version 4.4.0, <= 4.4.8 is affected.
- Version 4.2.1, <= 4.2.8 is affected.