CVE-2026-39813

This bug lets an attacker trick FortiSandbox into looking at files it should not be able to access by using “../” style paths (like walking out of a locked room to reach something stored elsewhere). The report says this can lead to an escalation of privilege, meaning the attacker may be able to do more than they should after getting the flaw to trigger. Think of it like bypassing the security guard at a storage facility by giving directions that point to a different hallway than intended.

This matters to you if you run Fortinet FortiSandbox (including FortiSandbox 5.0.0 through 5.0.5, and FortiSandbox 4.4.0 through 4.4.8) or use Fortinet FortiSandbox Cloud. It is the type of vulnerability that can affect organizations that rely on FortiSandbox for analyzing or processing network content and want to keep that environment tightly controlled. Based on the information provided, the affected product names are Fortinet FortiSandbox and Fortinet FortiSandbox Cloud.

This is RED urgency because exploitation is reported “itw” (in the wild) and press attention is rising specifically due to active exploitation. With that kind of real-world targeting, waiting typically increases the odds that your system will be probed and attacked. Even though no public exploit is known, attackers can still act without needing one-click tools.

1. Check your FortiSandbox version and confirm whether you are in FortiSandbox 5.0.0–5.0.5 or 4.4.0–4.4.8 (or FortiSandbox Cloud) and therefore potentially affected. 2) Update FortiSandbox to a fixed version as soon as your vendor provides/approves it (or follow Fortinet’s emergency guidance for CVE-2026-39813). 3) If you can’t patch immediately, ask your IT/security person to temporarily reduce exposure (for example, limit who can reach the FortiSandbox interfaces from the internet and closely monitor for related suspicious activity).