← volver
CVE-2026-10539

Unauthenticated command injection in Control-M/Server communication command

CVSS 9.5 CRITICALEPSS 0.2%CWE-305
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server.  This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
BMC · Control-M/Server