CVE-2026-40456
OS Command Injection in LMS
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.6EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
18 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
Productos afectados
LMS · LMS