CVE-2026-9717
HighCVSS 7.2Exploitation Probability (EPSS)
Elevated risk64th percentile — higher than 64% of all known CVEs
Summary
An OS Command Injection vulnerability (CWE-78) in a network service allows unauthorized execution of commands with elevated privileges. The flaw is triggered when a privileged authenticated user interacts with the vulnerable service.
Risk Assessment
The risk includes compromise of system integrity, confidentiality, and availability. An attacker could gain full control, exfiltrate data, or cause service disruption.
Recommendation
Immediately update the software to a patched version. Restrict access to the vulnerable service to trusted users and networks only.
Original NVD description (English source)
CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

