Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw Found in Fortinet FortiSandbox Software

A serious security weakness has been found in certain versions of Fortinet FortiSandbox, a tool used to detect cyber threats. This flaw could let attackers gain higher access rights, potentially compromising your network. It is important for organisations using this software to check and update promptly.

17 June 2026

Reference: CVE-2026-39813

1. What is being reported?

Security experts have identified a vulnerability called a 'path traversal' in Fortinet FortiSandbox versions 4.4.0 to 4.4.8 and 5.0.0 to 5.0.5. This means attackers could trick the software into accessing files they should not be able to, allowing them to increase their control over the system.

2. What this means in plain English

If exploited, this flaw could let a cyber attacker gain more control than they should have, possibly leading to data theft or disruption of your IT systems. For small organisations, this could mean sensitive information is at risk or your systems could be used to launch further attacks.

3. Could this affect a small business?

Small businesses or charities using Fortinet FortiSandbox in the affected versions could be at risk. If you do not use this software, or use a different security solution, this vulnerability likely does not affect you.

4. What to do now

  • Check if your organisation uses Fortinet FortiSandbox and identify the version installed.
  • Contact your IT provider or software supplier to confirm if your version is affected.
  • Apply any available security updates or patches from Fortinet immediately.
  • Review your system access controls and monitor for unusual activity.

5. Ask your IT provider

Can you confirm if our Fortinet FortiSandbox software is affected by CVE-2026-39813, and have the necessary patches been applied to protect us?

6. Bottom line

If you use Fortinet FortiSandbox, act quickly to update and protect your systems from this critical vulnerability.

Information based on CISA KEV, NVD and reputable security reporting.

Back to Vulnerability Briefs