CVE Catalog

CVE-2026-57999

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.18%

64th percentile — higher than 64% of all known CVEs

Summary

A command injection vulnerability in luci-app-tailscale-commons allows authenticated users to execute arbitrary commands as root via the tailscale.do_login RPC method. The issue stems from improper quoting of the loginserver and loginserver_authkey parameters within a double-quoted shell command, enabling shell substitutions like $() to be evaluated.

Risk Assessment

An attacker with administrative panel access can gain full control over the device, execute arbitrary commands, modify configuration, or install malware.

Recommendation

Immediately update the luci-app-tailscale-commons package to a version that fixes the parameter quoting. If no update is available, temporarily restrict administrative panel access to trusted users only.

Original NVD description (English source)

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserver_authkey parameters are improperly quoted within a double-quoted shell command, allowing shell substitutions like $() to be evaluated by the outer shell before argument processing.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS