← Home

OS Command Injection through API endpoint

CVEs

CVECVSSCWEExploitation
CVE-2026-39808 9.1 CWE-78: OS Command Injection Not observed in the wild

Affected Products

ProductAffected versionsFixed version
FortiSandbox 4.4.8 Not specified by vendor
FortiSandbox 4.4.7 Not specified by vendor
FortiSandbox 4.4.6 Not specified by vendor
FortiSandbox 4.4.5 Not specified by vendor
FortiSandbox 4.4.4 Not specified by vendor
FortiSandbox 4.4.3 Not specified by vendor
FortiSandbox 4.4.2 Not specified by vendor
FortiSandbox 4.4.1 Not specified by vendor
FortiSandbox 4.4.0 Not specified by vendor
FortiSandbox PaaS 23.4.4374 Not specified by vendor
FortiSandbox PaaS 23.4.4350 Not specified by vendor
FortiSandbox PaaS 23.3.4329 Not specified by vendor
FortiSandbox PaaS 23.1.4245 Not specified by vendor
FortiSandbox PaaS 22.2.4151 Not specified by vendor
FortiSandbox PaaS 22.2.4134 Not specified by vendor
FortiSandbox PaaS 22.1.4113 Not specified by vendor
FortiSandbox PaaS 21.4.4072 Not specified by vendor
FortiSandbox PaaS 21.3.4055 Not specified by vendor