Common Weakness Enumeration

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE-2026-4204 (GCVE-0-2026-4204)

Vulnerability from cvelistv5 – Published: 2026-03-16 01:02 – Updated: 2026-03-16 14:40
VLAI
Title
D-Link DNS-1550-04 gui_mgr.cgi cgi_mycloud_auto_downlaod command injection
Summary
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_myfavorite_add/cgi_myfavorite_set/cgi_myfavorite_del/cgi_myfavorite_set_sort_info/cgi_myfavorite_remove_apkg/cgi_myfavorite_compare_apkg/cgi_mycloud_auto_downlaod of the file /cgi-bin/gui_mgr.cgi. This manipulation of the argument f_user causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.351116 vdb-entrytechnical-description
https://vuldb.com/?ctiid.351116 signaturepermissions-required
https://vuldb.com/?submit.770409 third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/D-Li… exploit
https://www.dlink.com/ product
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
Bond (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4204",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T14:30:15.572243Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T14:40:36.556Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Bond (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_myfavorite_add/cgi_myfavorite_set/cgi_myfavorite_del/cgi_myfavorite_set_sort_info/cgi_myfavorite_remove_apkg/cgi_myfavorite_compare_apkg/cgi_mycloud_auto_downlaod of the file /cgi-bin/gui_mgr.cgi. This manipulation of the argument f_user causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T01:02:15.336Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-351116 | D-Link DNS-1550-04 gui_mgr.cgi cgi_mycloud_auto_downlaod command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.351116"
        },
        {
          "name": "VDB-351116 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.351116"
        },
        {
          "name": "Submit #770409 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770409"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_130/130.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-15T12:40:29.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 gui_mgr.cgi cgi_mycloud_auto_downlaod command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-4204",
    "datePublished": "2026-03-16T01:02:15.336Z",
    "dateReserved": "2026-03-15T11:35:22.425Z",
    "dateUpdated": "2026-03-16T14:40:36.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4205 (GCVE-0-2026-4205)

Vulnerability from cvelistv5 – Published: 2026-03-16 01:32 – Updated: 2026-03-16 14:40
VLAI
Title
D-Link DNS-1550-04 app_mgr.cgi FTP_Server_BlockIP_Del command injection
Summary
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_refresh_db/FTP_Server_BlockIP_Add/FTP_Server_BlockIP_Del of the file /cgi-bin/app_mgr.cgi. Such manipulation leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
Bond (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4205",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T14:29:32.625443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T14:40:36.751Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Bond (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_refresh_db/FTP_Server_BlockIP_Add/FTP_Server_BlockIP_Del of the file /cgi-bin/app_mgr.cgi. Such manipulation leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T01:32:09.418Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-351117 | D-Link DNS-1550-04 app_mgr.cgi FTP_Server_BlockIP_Del command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.351117"
        },
        {
          "name": "VDB-351117 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.351117"
        },
        {
          "name": "Submit #770410 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770410"
        },
        {
          "name": "Submit #770411 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770411"
        },
        {
          "name": "Submit #770412 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770412"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_131/131.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_132/132.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-15T12:42:00.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 app_mgr.cgi FTP_Server_BlockIP_Del command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-4205",
    "datePublished": "2026-03-16T01:32:09.418Z",
    "dateReserved": "2026-03-15T11:36:55.279Z",
    "dateUpdated": "2026-03-16T14:40:36.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4206 (GCVE-0-2026-4206)

Vulnerability from cvelistv5 – Published: 2026-03-16 02:02 – Updated: 2026-03-16 14:40
VLAI
Title
D-Link DNS-1550-04 dsk_mgr.cgi ScanDisk_run_e2fsck command injection
Summary
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function FMT_rebuild_diskmgr/FMT_create_diskmgr/ScanDisk_run_e2fsck of the file /cgi-bin/dsk_mgr.cgi. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
Bond_yes (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4206",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T14:28:50.753053Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T14:40:36.926Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Bond_yes (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function FMT_rebuild_diskmgr/FMT_create_diskmgr/ScanDisk_run_e2fsck of the file /cgi-bin/dsk_mgr.cgi. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T02:02:10.513Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-351118 | D-Link DNS-1550-04 dsk_mgr.cgi ScanDisk_run_e2fsck command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.351118"
        },
        {
          "name": "VDB-351118 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.351118"
        },
        {
          "name": "Submit #770417 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770417"
        },
        {
          "name": "Submit #770418 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770418"
        },
        {
          "name": "Submit #770419 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770419"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_138/138.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_139/139.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-15T12:53:59.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 dsk_mgr.cgi ScanDisk_run_e2fsck command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-4206",
    "datePublished": "2026-03-16T02:02:10.513Z",
    "dateReserved": "2026-03-15T11:48:52.848Z",
    "dateUpdated": "2026-03-16T14:40:36.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4207 (GCVE-0-2026-4207)

Vulnerability from cvelistv5 – Published: 2026-03-16 02:32 – Updated: 2026-03-16 14:40
VLAI
Title
D-Link DNS-1550-04 system_mgr.cgi cgi_ntp_time command injection
Summary
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_device/cgi_sms_test/cgi_firmware_upload/cgi_ntp_time of the file /cgi-bin/system_mgr.cgi. Executing a manipulation can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
Bond_yes (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4207",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T14:28:23.019189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T14:40:37.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Bond_yes (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi_device/cgi_sms_test/cgi_firmware_upload/cgi_ntp_time of the file /cgi-bin/system_mgr.cgi. Executing a manipulation can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T02:32:08.998Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-351119 | D-Link DNS-1550-04 system_mgr.cgi cgi_ntp_time command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.351119"
        },
        {
          "name": "VDB-351119 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.351119"
        },
        {
          "name": "Submit #770420 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770420"
        },
        {
          "name": "Submit #770422 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770422"
        },
        {
          "name": "Submit #770423 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770423"
        },
        {
          "name": "Submit #770425 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770425"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_141/141.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_142/142.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-15T12:56:19.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 system_mgr.cgi cgi_ntp_time command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-4207",
    "datePublished": "2026-03-16T02:32:08.998Z",
    "dateReserved": "2026-03-15T11:51:15.813Z",
    "dateUpdated": "2026-03-16T14:40:37.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4209 (GCVE-0-2026-4209)

Vulnerability from cvelistv5 – Published: 2026-03-16 02:32 – Updated: 2026-03-16 15:31
VLAI
Title
D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection
Summary
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_import_users/cgi_user_batch_create/cgi_user_set_quota/cgi_user_del/cgi_user_modify/cgi_group_set_quota/cgi_group_modify/cgi_group_add/cgi_user_add/cgi_get_modify_group_info/cgi_chg_admin_pw of the file /cgi-bin/account_mgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
pjqwudi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4209",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T15:31:50.168450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T15:31:58.188Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjqwudi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi_create_import_users/cgi_user_batch_create/cgi_user_set_quota/cgi_user_del/cgi_user_modify/cgi_group_set_quota/cgi_group_modify/cgi_group_add/cgi_user_add/cgi_get_modify_group_info/cgi_chg_admin_pw of the file /cgi-bin/account_mgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T02:32:13.384Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-351120 | D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.351120"
        },
        {
          "name": "VDB-351120 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.351120"
        },
        {
          "name": "Submit #770429 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770429"
        },
        {
          "name": "Submit #770430 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770430"
        },
        {
          "name": "Submit #770431 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770431"
        },
        {
          "name": "Submit #770432 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770432"
        },
        {
          "name": "Submit #770433 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770433"
        },
        {
          "name": "Submit #770434 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770434"
        },
        {
          "name": "Submit #770435 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770435"
        },
        {
          "name": "Submit #770436 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770436"
        },
        {
          "name": "Submit #770437 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770437"
        },
        {
          "name": "Submit #770438 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770438"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_148/148.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_149/149.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-15T13:01:06.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-4209",
    "datePublished": "2026-03-16T02:32:13.384Z",
    "dateReserved": "2026-03-15T11:55:59.083Z",
    "dateUpdated": "2026-03-16T15:31:58.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4210 (GCVE-0-2026-4210)

Vulnerability from cvelistv5 – Published: 2026-03-16 03:02 – Updated: 2026-03-16 15:31
VLAI
Title
D-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injection
Summary
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function cgi_tm_set_share of the file /cgi-bin/time_machine.cgi. The manipulation of the argument Name results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.351121 vdb-entrytechnical-description
https://vuldb.com/?ctiid.351121 signaturepermissions-required
https://vuldb.com/?submit.770440 third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/D-Li… exploit
https://www.dlink.com/ broken-linkproduct
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
pjqwudi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4210",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T15:31:21.237679Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T15:31:27.493Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjqwudi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function cgi_tm_set_share of the file /cgi-bin/time_machine.cgi. The manipulation of the argument Name results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T03:02:16.888Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-351121 | D-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.351121"
        },
        {
          "name": "VDB-351121 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.351121"
        },
        {
          "name": "Submit #770440 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.770440"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_159/159.md"
        },
        {
          "tags": [
            "broken-link",
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-15T13:03:22.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 time_machine.cgi cgi_tm_set_share command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-4210",
    "datePublished": "2026-03-16T03:02:16.888Z",
    "dateReserved": "2026-03-15T11:58:18.779Z",
    "dateUpdated": "2026-03-16T15:31:27.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42257 (GCVE-0-2026-42257)

Vulnerability from cvelistv5 – Published: 2026-05-09 19:39 – Updated: 2026-05-13 19:33
VLAI
Title
net-imap: Command Injection via "raw" arguments to multiple commands
Summary
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
Impacted products
Vendor Product Version
ruby net-imap Affected: < 0.4.24
Affected: >= 0.5.0, < 0.5.14
Affected: >= 0.6.0, < 0.6.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42257",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T19:27:16.888782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T19:33:13.948Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "net-imap",
          "vendor": "ruby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.24"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.5.0, \u003c 0.5.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.6.0, \u003c 0.6.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-09T19:39:48.398Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
        }
      ],
      "source": {
        "advisory": "GHSA-hm49-wcqc-g2xg",
        "discovery": "UNKNOWN"
      },
      "title": "net-imap: Command Injection via \"raw\" arguments to multiple commands"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42257",
    "datePublished": "2026-05-09T19:39:48.398Z",
    "dateReserved": "2026-04-26T11:53:27.704Z",
    "dateUpdated": "2026-05-13T19:33:13.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42258 (GCVE-0-2026-42258)

Vulnerability from cvelistv5 – Published: 2026-05-09 19:40 – Updated: 2026-07-15 02:48
VLAI
Title
net-imap: Command Injection via unvalidated Symbol inputs
Summary
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
URL Tags
https://github.com/ruby/net-imap/security/advisor… x_refsource_CONFIRM
https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.6.4 x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2026-42258 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2468498 issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:37397 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:35895 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33565 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33540 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33514 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33515 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:35866 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:35867 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34076 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:35834 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33630 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36099 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33462 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:37238 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33512 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33576 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33577 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:35447 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:36978 vendor-advisoryx_refsource_REDHAT
Impacted products
Vendor Product Version
ruby net-imap Affected: < 0.4.24
Affected: >= 0.5.0, < 0.5.14
Affected: >= 0.6.0, < 0.6.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:4.0.3-35.el10_2 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.3.10-13.el10_2 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:3.3.10-11.el10_0.2 , < * (rpm)
    cpe:/o:redhat:enterprise_linux_eus:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.0.0.648-39.el7_9.1 , < * (rpm)
    cpe:/o:redhat:rhel_els:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260615131019.489197e6 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260615131010.489197e6 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020260630124058.522a0ee4 , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 8040020260630124058.522a0ee4 , < * (rpm)
    cpe:/a:redhat:rhel_eus_long_life:8.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020260630123825.ad008a3a , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Unaffected: 8060020260630123825.ad008a3a , < * (rpm)
    cpe:/a:redhat:rhel_eus_long_life:8.6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 8080020260625114827.63b34585 , < * (rpm)
    cpe:/a:redhat:rhel_tus:8.8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 8080020260625114827.63b34585 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.0.7-167.el9_8 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 9080020260615131001.9 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 9080020260619130154.9 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:3.0.4-161.el9_2.3 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Unaffected: 0:3.0.7-162.el9_4.3 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Unaffected: 9040020260630065449.9 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:3.0.7-165.el9_6.1 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 9060020260630075016.9 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6
Create a notification for this product.
Red Hat Red Hat Hardened Images Unaffected: 3.3.10-23.2.hum1 , < * (rpm)
    cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Red Hat Red Hat Hardened Images Unaffected: 3.4.9-31.4.hum1 , < * (rpm)
    cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Red Hat Red Hat Hardened Images Unaffected: 4.0.5-35.hum1 , < * (rpm)
    cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42258",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T14:57:16.635329Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-11T14:57:24.039Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby4.0",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:4.0.3-35.el10_2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.3.10-13.el10_2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby",
            "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.3.10-11.el10_0.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby",
            "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:2.0.0.648-39.el7_9.1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:2.5",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8100020260615131019.489197e6",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:3.3",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8100020260615131010.489197e6",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:2.5",
            "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8040020260630124058.522a0ee4",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:2.5",
            "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8040020260630124058.522a0ee4",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:2.5",
            "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8060020260630123825.ad008a3a",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.6"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:2.5",
            "product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8060020260630123825.ad008a3a",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:2.5",
            "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8080020260625114827.63b34585",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:2.5",
            "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "8080020260625114827.63b34585",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.0.7-167.el9_8",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:3.3",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "9080020260615131001.9",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:4.0",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "9080020260619130154.9",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby",
            "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.0.4-161.el9_2.3",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.4"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby",
            "product": "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.0.7-162.el9_4.3",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.4"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:3.3",
            "product": "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "9040020260630065449.9",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby",
            "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:3.0.7-165.el9_6.1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby:3.3",
            "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "9060020260630075016.9",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby3-3-main",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "3.3.10-23.2.hum1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby3-4-main",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "3.4.9-31.4.hum1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "packageName": "ruby4-0-main",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "4.0.5-35.hum1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp21/system",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp21/zync",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp22/system",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp22/zync",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp2/system-rhel7",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp2/system-rhel8",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp2/system-rhel9",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp2/zync-rhel8",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unknown",
            "packageName": "3scale-amp2/zync-rhel9",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "unaffected",
            "packageName": "ruby",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3"
            ],
            "defaultStatus": "unaffected",
            "packageName": "devspaces/code-rhel9",
            "product": "Red Hat OpenShift Dev Spaces",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-05-09T19:40:49.405Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful exploitation could lead to unauthorized actions on the IMAP server or client, potentially resulting in information disclosure or other integrity impacts."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-93",
                "description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T02:48:36.543Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-42258"
          },
          {
            "name": "RHBZ#2468498",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468498"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42258.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:37397"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:35895"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33565"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33540"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33514"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33515"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:35866"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:35867"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:34076"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:35834"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33630"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:36099"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:37238"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33512"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33576"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33577"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:35447"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:36978"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:37397: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:35895: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33565: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33540: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33514: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33515: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:35866: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:35867: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:34076: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:35834: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33630: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:36099: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33462: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:37238: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33512: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33576: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33577: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:35447: Red Hat Hardened Images"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:36978: Red Hat Hardened Images"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-09T20:01:01.698Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-05-09T19:40:49.405Z",
            "value": "Made public."
          }
        ],
        "title": "ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "net-imap",
          "vendor": "ruby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.24"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.5.0, \u003c 0.5.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.6.0, \u003c 0.6.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-09T19:40:49.405Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
        }
      ],
      "source": {
        "advisory": "GHSA-75xq-5h9v-w6px",
        "discovery": "UNKNOWN"
      },
      "title": "net-imap: Command Injection via unvalidated Symbol inputs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42258",
    "datePublished": "2026-05-09T19:40:49.405Z",
    "dateReserved": "2026-04-26T11:53:27.704Z",
    "dateUpdated": "2026-07-15T02:48:36.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42271 (GCVE-0-2026-42271)

Vulnerability from cvelistv5 – Published: 2026-05-08 03:35 – Updated: 2026-07-15 00:57
VLAI
Title
LiteLLM: Authenticated command execution via MCP stdio test endpoints
Summary
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
Impacted products
Vendor Product Version
BerriAI litellm Affected: >= 1.74.2, < 1.83.7
Create a notification for this product.
Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1781826406 , < * (rpm)
    cpe:/a:redhat:openshift_ai:2.25::el9
Create a notification for this product.
Red Hat Red Hat OpenShift AI 3.3 Unaffected: 1782310008 , < * (rpm)
    cpe:/a:redhat:openshift_ai:3.3::el9
Create a notification for this product.
Red Hat Red Hat OpenShift AI 3.4 Unaffected: 1781622627 , < * (rpm)
    cpe:/a:redhat:openshift_ai:3.4::el9
Create a notification for this product.
Red Hat Exploit Intelligence     cpe:/a:redhat:exploit_intelligence:0
Create a notification for this product.
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
Create a notification for this product.
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42271",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-08T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-06-08",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42271"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T03:55:26.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42271"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-08T00:00:00.000Z",
            "value": "CVE-2026-42271 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.25::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-llama-stack-core-rhel9",
            "product": "Red Hat OpenShift AI 2.25",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1781826406",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-llama-stack-core-rhel9",
            "product": "Red Hat OpenShift AI 3.3",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782310008",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.4::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9",
            "product": "Red Hat OpenShift AI 3.4",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1781622627",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:exploit_intelligence:0"
            ],
            "defaultStatus": "unaffected",
            "packageName": "exploit-intelligence-tech-preview/vulnerability-analysis-rhel9",
            "product": "Exploit Intelligence",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2"
            ],
            "defaultStatus": "unaffected",
            "packageName": "ansible-automation-platform-26/lightspeed-chatbot-rhel9",
            "product": "Red Hat Ansible Automation Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2"
            ],
            "defaultStatus": "unaffected",
            "packageName": "ansible-automation-platform-27/lightspeed-chatbot-rhel9",
            "product": "Red Hat Ansible Automation Platform 2",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "unaffected",
            "packageName": "rhoai/odh-mlflow-rhel9",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-05-08T03:35:16.758Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in LiteLLM, a proxy server (AI Gateway) for Large Language Model (LLM) APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user keys, could exploit this by sending a crafted configuration. This allows for arbitrary command execution on the proxy host with the privileges of the proxy process."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T00:57:49.325Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-42271"
          },
          {
            "name": "RHBZ#2467924",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467924"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42271.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:28960"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:30056"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27784"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:28960: Red Hat OpenShift AI 2.25"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:30056: Red Hat OpenShift AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27784: Red Hat OpenShift AI 3.4"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-08T04:02:12.169Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-05-08T03:35:16.758Z",
            "value": "Made public."
          }
        ],
        "title": "litellm: LiteLLM: Authenticated command execution via MCP stdio test endpoints",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "litellm",
          "vendor": "BerriAI",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.74.2, \u003c 1.83.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it \u2014 POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list \u2014 accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user \u2014 including holders of low-privilege internal-user keys \u2014 could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-08T03:35:16.758Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g"
        },
        {
          "name": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable"
        }
      ],
      "source": {
        "advisory": "GHSA-v4p8-mg3p-g94g",
        "discovery": "UNKNOWN"
      },
      "title": "LiteLLM: Authenticated command execution via MCP stdio test endpoints"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42271",
    "datePublished": "2026-05-08T03:35:16.758Z",
    "dateReserved": "2026-04-26T11:53:27.707Z",
    "dateUpdated": "2026-07-15T00:57:49.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4228 (GCVE-0-2026-4228)

Vulnerability from cvelistv5 – Published: 2026-03-16 08:02 – Updated: 2026-03-16 16:41
VLAI
Title
LB-LINK BL-WR9000 set_wifi sub_458754 command injection
Summary
A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.351151 vdb-entrytechnical-description
https://vuldb.com/?ctiid.351151 signaturepermissions-required
https://vuldb.com/?submit.771210 third-party-advisory
https://github.com/glkfc/IoT-Vulnerability/blob/m… exploit
Impacted products
Vendor Product Version
LB-LINK BL-WR9000 Affected: 2.4.9
Create a notification for this product.
Credits
jfkk (VulDB User) VulDB
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4228",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T16:40:53.546924Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T16:41:59.288Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BL-WR9000",
          "vendor": "LB-LINK",
          "versions": [
            {
              "status": "affected",
              "version": "2.4.9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jfkk (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T08:02:10.790Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-351151 | LB-LINK BL-WR9000 set_wifi sub_458754 command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.351151"
        },
        {
          "name": "VDB-351151 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.351151"
        },
        {
          "name": "Submit #771210 | LB-LINK BL-WR9000 V2.4.9 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.771210"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/LB-LINK/LB-LINK_wlanpswencry%20command%20injection_EN.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-15T19:46:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LB-LINK BL-WR9000 set_wifi sub_458754 command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-4228",
    "datePublished": "2026-03-16T08:02:10.790Z",
    "dateReserved": "2026-03-15T18:41:17.685Z",
    "dateUpdated": "2026-03-16T16:41:59.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation

Phase: Architecture and Design

Description:

  • If at all possible, use library calls rather than external processes to recreate the desired functionality.
Mitigation

Phase: Implementation

Description:

  • If possible, ensure that all external commands called from the program are statically created.
Mitigation ID: MIT-5

Phase: Implementation

Strategy: Input Validation

Description:

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation

Phase: Operation

Description:

  • Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.
Mitigation

Phase: System Configuration

Description:

  • Assign permissions that prevent the user from accessing/opening privileged files.
CAPEC-136: LDAP Injection

An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.

CAPEC-15: Command Delimiters

An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.

CAPEC-183: IMAP/SMTP Command Injection

An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.

CAPEC-248: Command Injection

An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.

CAPEC-40: Manipulating Writeable Terminal Devices

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.

CAPEC-43: Exploiting Multiple Input Interpretation Layers

An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Back to CWE stats page