Main Vulnerability Database Vulnerabilities #VU126117

#VU126117 SQL injection in FortiDDoS-F - CVE-2026-39815

Published: April 15, 2026

Vulnerability identifier: #VU126117

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-39815

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiDDoS-F

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The vulnerability exists due to improper neutralization of special elements used in an sql command ('sql injection') via API. An authenticated attacker can run arbitrary SQL queries on the database by sending crafted HTTP requests.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-26-119

#VU126117 SQL injection in FortiDDoS-F - CVE-2026-39815

Description

Remediation

External links

Please verify you're human