VDB

CVE-2026-39812

CVE-2026-39812 PUBLISHED CVSS 4.300000190734863 MEDIUM

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

EPSS 0.03% · 10.7th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
0.03%
10.7th percentile

Affected Products

VendorProductVersions
FortinetFortiSandbox4.4.0, 4.2.1, 5.0.0
FortinetFortiSandbox PaaS5.0.0, 4.4.0, 4.2.1

Timeline

  • Apr 14, 2026 CVE Published
  • Apr 14, 2026 CVE Updated
  • Apr 22, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›