CVE Catalog

CVE-2026-12104

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.10%

61th percentile - higher than 61% of all known CVEs

Summary

Versions of SIMA GmbH Bondix up to 1.25.7.5 on Linux contain an OS command injection vulnerability in the environment and tunnel configuration functionality. This allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.

Risk Assessment

This vulnerability poses a serious risk to organizations as it allows an attacker to gain full control over the operating system, potentially leading to data loss or system compromise.

Recommendation

It is recommended to upgrade to the latest version of the software to mitigate this vulnerability and to restrict access to configuration functions only to trusted users.

Original NVD description (English source)

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS