CVE-2026-22313

CRITICAL EPSS 55.8%

Published Jun 16, 20261w ago · Modified Jun 17, 20261w ago

9.1 CVSS 3.1

Critical

Published Jun 16, 2026 1w ago

Last Modified Jun 17, 2026 1w ago

Description

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

CVSS Details

Base Score

9.1

Exploitability

2.3

Impact

6.0

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

55.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

References 1

cvcn.gov.it https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22313

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.