CVE Catalog

CVE-2026-58000

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.40%

69th percentile — higher than 69% of all known CVEs

Summary

A command injection vulnerability in luci-proto-openvpn through version 0.11.1 (fixed in commit e4ff45e) exists in the generateKey ubus method. The cl_meta parameter is interpolated into a shell command without proper escaping, allowing an authenticated LuCI user with OpenVPN protocol configuration access to execute arbitrary commands as root via the popen function.

Risk Assessment

An attacker can gain full control over the device by executing arbitrary commands with root privileges, leading to complete compromise of confidentiality, integrity, and availability.

Recommendation

Immediately update luci-proto-openvpn to a version containing commit e4ff45e or later. If an update is not possible, restrict access to the LuCI interface to trusted users only.

Original NVD description (English source)

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the cl_meta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration access can inject arbitrary shell metacharacters into cl_meta to execute commands as root via the popen function.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS