CVE-2026-39808 PoC — Fortinet FortiSandbox 操作系统命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-39808.yaml

Associated Vulnerability

Title:Fortinet FortiSandbox 操作系统命令注入漏洞 (CVE-2026-39808)
Description:Fortinet FortiSandbox是美国飞塔（Fortinet）公司的一款APT（高级持续性威胁）防护设备。该设备提供双重沙盒技术、动态威胁智能系统、实时控制面板和报告等功能。 Fortinet FortiSandbox 4.4.0至4.4.8版本存在操作系统命令注入漏洞，该漏洞源于os命令注入，可能导致执行未经授权的代码或命令。

Description

Fortinet FortiSandbox 4.4.0 through 4.4.8 contains a command injection caused by improper neutralization of special elements in OS commands, letting attackers execute unauthorized code or commands, exploit requires crafted input.

File Snapshot


 id: CVE-2026-39808

info:
  name: Fortinet FortiSandbox - Command Injection
  author: DhiyaneshDk
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!