CVE-2026-39812

Cross‑Site Scripting Vulnerability in FortiSandbox and FortiSandbox PaaS

Description

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

INFO

Published Date :

2026-04-14T15:38:18.366Z

Last Modified :

2026-04-14T16:46:15.629Z

Source :

fortinet

AFFECTED PRODUCTS

The following products are affected by CVE-2026-39812 vulnerability.

Vendors	Products
Fortinet	Fortisandbox Paas Fortisandbox Fortisandboxpaas

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-39812.

URL	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-26-110

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact