VDB
CVE-2026-39812
CVE-2026-39812
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
EPSS 0.03% · 10.7th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
0.03%
10.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiSandbox | 4.4.0, 4.2.1, 5.0.0 |
| Fortinet | FortiSandbox PaaS | 5.0.0, 4.4.0, 4.2.1 |
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 CVE Updated
- Apr 22, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score