CVE-2026-40456
HighCVSS 8.6Exploitation Probability (EPSS)
Elevated risk56th percentile — higher than 56% of all known CVEs
Summary
An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de. The issue arises from an IP address parameter being passed to the 'exec()' function without proper validation, allowing attackers to execute arbitrary operating system commands.
Risk Assessment
This vulnerability poses a serious security risk as it allows attackers to remotely execute commands, potentially leading to system compromise.
Recommendation
It is recommended to update the LMS system to a version after commit 9fcb4de and implement proper input validation mechanisms to prevent command injection.
Original NVD description (English source)
An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

