FortiSandbox 4.4.x-5.0.x Path Traversal (../filedir) Privilege Escalation
CVE-2026-39813 Published on April 14, 2026
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>
Vulnerability Analysis
CVE-2026-39813 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Path Traversal: '../filedir'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
Products Associated with CVE-2026-39813
stack.watch emails you whenever new vulnerabilities are published in Fortinet Fortisandbox or Fortinet Fortisandboxcloud. Just hit a watch button to start following.
Affected Versions
Fortinet FortiSandbox:- Version 5.0.0, <= 5.0.5 is affected.
- Version 4.4.0, <= 4.4.8 is affected.
- Version 24.1 is affected.
- Version 23.4 is affected.
- Version 5.0.4, <= 5.0.5 is affected.