17 June 2026
Reference: CVE-2026-39813
1. What is being reported?
Security experts have identified a vulnerability called a 'path traversal' in Fortinet FortiSandbox versions 4.4.0 to 4.4.8 and 5.0.0 to 5.0.5. This means attackers could trick the software into accessing files they should not be able to, allowing them to increase their control over the system.
2. What this means in plain English
If exploited, this flaw could let a cyber attacker gain more control than they should have, possibly leading to data theft or disruption of your IT systems. For small organisations, this could mean sensitive information is at risk or your systems could be used to launch further attacks.
3. Could this affect a small business?
Small businesses or charities using Fortinet FortiSandbox in the affected versions could be at risk. If you do not use this software, or use a different security solution, this vulnerability likely does not affect you.
4. What to do now
- Check if your organisation uses Fortinet FortiSandbox and identify the version installed.
- Contact your IT provider or software supplier to confirm if your version is affected.
- Apply any available security updates or patches from Fortinet immediately.
- Review your system access controls and monitor for unusual activity.
5. Ask your IT provider
Can you confirm if our Fortinet FortiSandbox software is affected by CVE-2026-39813, and have the necessary patches been applied to protect us?
6. Bottom line
If you use Fortinet FortiSandbox, act quickly to update and protect your systems from this critical vulnerability.
Information based on CISA KEV, NVD and reputable security reporting.