CVE-2026-12104
HighCVSS 8.6Exploitation Probability (EPSS)
Elevated risk61th percentile - higher than 61% of all known CVEs
Summary
Versions of SIMA GmbH Bondix up to 1.25.7.5 on Linux contain an OS command injection vulnerability in the environment and tunnel configuration functionality. This allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.
Risk Assessment
This vulnerability poses a serious risk to organizations as it allows an attacker to gain full control over the operating system, potentially leading to data loss or system compromise.
Recommendation
It is recommended to upgrade to the latest version of the software to mitigate this vulnerability and to restrict access to configuration functions only to trusted users.
Original NVD description (English source)
OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.

