CVE Catalog

CVE-2026-22313

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.92%

56th percentile — higher than 56% of all known CVEs

Summary

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability, an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

Risk Assessment

An attacker with access to the management network can gain full control over the device, potentially leading to serious security breaches and data loss.

Recommendation

It is recommended to secure the API by implementing additional authorization mechanisms and regularly updating the device's software to eliminate known vulnerabilities.

Original NVD description (English source)

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS