← back
CVE-2026-3120

RCE in Profelis Informatics' SambaBox

CVSS 7.2 HIGHEPSS 1.2%CWE-94
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →