Posting Date: 2026/04/29

【Vulnerability Alert】Critical Security Vulnerability in Fortinet FortiSandbox JRPC API (CVE-2026-39813)

  • Subject: 【Vulnerability Alert】Critical Security Vulnerability in Fortinet FortiSandbox JRPC API (CVE-2026-39813)


  • Description:
    • Forwarded from TWCERT/CC Security Alert TWCERTCC-200-202604-00000012.
    • Fortinet has released a report regarding a critical security vulnerability in the FortiSandbox JRPC API (CVE-2026-39813, CVSS: 9.8). This is a path traversal vulnerability that may allow unauthenticated attackers to bypass authentication via specially crafted HTTP requests.
  • Affected Platforms:
    • FortiSandbox versions 4.4.0 through 4.4.8 (inclusive)
    • FortiSandbox versions 5.0.0 through 5.0.5 (inclusive)
  • Recommended Actions:
    • Please update to the following versions:
    • FortiSandbox version 4.4.9 or later; FortiSandbox version 5.0.6 or later.
  • Reference:
    1. https://www.twcert.org.tw/tw/cp-169-10838-99d85-1.html

Computer and Communication Center
Network Systems Division