ID:12624 - Exploit for OS Command Injection in FortiSandbox - CVE-2026-39808

Link to public exploit:

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper neutralization of special elements used in an OS command. A remote unauthenticated attacker can send a specially crafted HTTP request and execute unauthorized code or commands on the system.

Remediation