- Last update: 15/04/2026
- Affected software:
→ FortiSandbox 4.4.0 through 4.4.8
→ FortiSandbox 5.0.0 through 5.0.5
- Type: Remote Code Execution, Privilege Escalation
- CVE/CVSS
→ CVE-2026-39808: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2026-39813: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Fortinet - https://fortiguard.fortinet.com/psirt/FG-IR-26-100
Fortinet - https://fortiguard.fortinet.com/psirt/FG-IR-26-112
Two newly discovered vulnerabilities in Fortinet FortiSandbox allow attackers to execute unauthorized code and escalate privileges, potentially exposing sensitive company data and disrupting operations.
FortiSandbox is a threat detection platform that uses a combination of AI-based static and dynamic analysis to identify and neutralize malware and cyber threats. It functions as a security layer within the Fortinet Security Fabric, isolating and executing suspicious files in virtual environments to observe their behavior before they can impact the broader network.
If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical businesses.
Two critical security vulnerabilities, CVE-2026-39808 and CVE-2026-39813, have been identified in Fortinet FortiSandbox versions 4.4.0 through 4.4.8, with CVE-2026-39813 additionally affecting versions 5.0.0 through 5.0.5. These flaws arise from OS command injection and path traversal, types of vulnerabilities that allow attackers to manipulate system commands and directory structures, potentially leading to unauthorized actions such as arbitrary code execution and privilege escalation.
In affected versions, an attacker can exploit these vulnerabilities by sending specially crafted HTTP requests, leading to unauthorized code execution or authentication bypass. Notably, both flaws can be exploited by completely unauthenticated remote attackers, requiring no prior privileges or user interaction.
Patch
To resolve these issues, organizations must upgrade affected 4.4 deployments to version 4.4.9 or above and affected 5.0 deployments to version 5.0.6 or above.
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
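To prioritise the upgrade across several appliances, the version ranges above can be applied to an asset inventory. The following is an added example, not code from the CCB or Fortinet; the inventory format, hostnames and version-string shapes are assumptions, and a version outside the listed ranges is reported as "not_listed" rather than as safe.

```python
import re

# Affected ranges and fixed releases exactly as stated in this advisory.
# branch -> (first affected, last affected, first fixed, CVEs on that branch)
AFFECTED = {
    (4, 4): ((4, 4, 0), (4, 4, 8), "4.4.9", ["CVE-2026-39808", "CVE-2026-39813"]),
    (5, 0): ((5, 0, 0), (5, 0, 5), "5.0.6", ["CVE-2026-39813"]),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first major.minor.patch triple from a free-form string."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def triage(version_text):
    """Return a dict with status, applicable CVEs and the upgrade target."""
    version = parse_version(version_text)
    if version is None:
        # An unreadable version is not "safe": flag it for manual verification.
        return {"status": "unknown", "cves": [], "upgrade_to": None}
    entry = AFFECTED.get(version[:2])
    if entry:
        low, high, fixed, cves = entry
        if low <= version <= high:
            return {"status": "affected", "cves": cves, "upgrade_to": fixed}
    return {"status": "not_listed", "cves": [], "upgrade_to": None}


def triage_inventory(inventory):
    """Triage every host; affected hosts sort first, then unknown ones."""
    order = {"affected": 0, "unknown": 1, "not_listed": 2}
    results = [(host, triage(ver)) for host, ver in inventory.items()]
    return sorted(results, key=lambda r: (order[r[1]["status"]], r[0]))


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and string formats are made up).
    sample = {
        "fsa-brussels": "v4.4.7",
        "fsa-ghent": "FortiSandbox 5.0.3 build0000",
        "fsa-liege": "5.0.6",
        "fsa-lab": "n/a",
    }
    for host, result in triage_inventory(sample):
        print(host, result["status"], result["cves"], result["upgrade_to"])
```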
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.