CVE-2026-41225
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
A vulnerability exists in iControl REST that allows a highly privileged, authenticated attacker with at least the Manager role to create configuration objects that enable running arbitrary commands.
Risk Assessment
An attacker with the appropriate privileges could exploit this vulnerability to gain control over the system, posing a serious security threat to the organization.
Recommendation
It is recommended to restrict access to accounts with the Manager role and to monitor and audit activities in the iControl REST system.
Original NVD description (English source)
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

