Fortinet FortiSandbox OS Command Injection (CVE-2026-39808): KEV-Listed Command Injection Under Active Exploitation
CVE-2026-39808 is a KEV-listed OS command injection flaw in Fortinet FortiSandbox's management interface. Our detection catches it via anomalous process execution and shell-metacharacter requests across KQL, SPL, Elastic, QRadar, Sumo Logic, Chronicle, and CrowdStrike.