CVE-2026-39808: A improper neutralization of special elements used in an os
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via
- CISA KEV-listed (remediation due 2026-07-19)
- EPSS 48.7% (98.7% percentile)
- CVSS 9.8 critical