Posting Date: 2026/04/29

【Vulnerability Alert】Critical Security Vulnerability in Fortinet FortiSandbox JRPC API (CVE-2026-39813)

Subject: 【Vulnerability Alert】Critical Security Vulnerability in Fortinet FortiSandbox JRPC API (CVE-2026-39813)

Description:
- Forwarded from TWCERT/CC Security Alert TWCERTCC-200-202604-00000012.
- Fortinet has released a report regarding a critical security vulnerability in the FortiSandbox JRPC API (CVE-2026-39813, CVSS: 9.8). This is a path traversal vulnerability that may allow unauthenticated attackers to bypass authentication via specially crafted HTTP requests.
Affected Platforms:
- FortiSandbox versions 4.4.0 through 4.4.8 (inclusive)
- FortiSandbox versions 5.0.0 through 5.0.5 (inclusive)
Recommended Actions:
- Please update to the following versions:
- FortiSandbox version 4.4.9 or later; FortiSandbox version 5.0.6 or later.
Reference:
1. https://www.twcert.org.tw/tw/cp-169-10838-99d85-1.html

Computer and Communication Center
Network Systems Division