1 vulnerability by Profelis Information and Consulting Trade and Industry Limited Company
CVE-2026-3120 (GCVE-0-2026-3120)
Vulnerability from cvelistv5 – Published: 2026-05-04 11:53 – Updated: 2026-05-04 12:42
Title
RCE in Profelis Informatics' SambaBox
Summary
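Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.
This issue affects SambaBox versions from 5.1 up to, but not including, 5.3. The record's default status is "unaffected", so 5.3 and later are not listed as affected.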
Severity
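7.2 (High) – CVSS v3.1 base score, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (network attack vector, low attack complexity, high privileges required, no user interaction; high impact on confidentiality, integrity and availability)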
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
TR-CERT
References
1 reference
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0155 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Profelis Information and Consulting Trade and Industry Limited Company | SambaBox | Affected: 5.1, < 5.3 (custom) |
Date Public
2026-05-04 11:49
Credits
Kayra BÜYÜKLÜ (finder)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T12:42:07.685316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T12:42:30.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SambaBox",
"vendor": "Profelis Information and Consulting Trade and Industry Limited Company",
"versions": [
{
"lessThan": "5.3",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kayra B\u00dcY\u00dcKL\u00dc"
}
],
"datePublic": "2026-05-04T11:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.\u003cp\u003eThis issue affects SambaBox: from 5.1 before 5.3.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.\n\nThis issue affects SambaBox: from 5.1 before 5.3."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T11:53:27.437Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0155"
}
],
"source": {
"advisory": "TR-26-0155",
"defect": [
"TR-26-0155"
],
"discovery": "UNKNOWN"
},
"title": "RCE in Profelis Informatics\u0027 SambaBox",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-3120",
"datePublished": "2026-05-04T11:53:27.437Z",
"dateReserved": "2026-02-24T13:05:55.590Z",
"dateUpdated": "2026-05-04T12:42:30.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}