CVE Catalog

CVE-2026-41225

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

A vulnerability exists in iControl REST that allows a highly privileged, authenticated attacker with at least the Manager role to create configuration objects that enable running arbitrary commands.

Risk Assessment

An attacker with the appropriate privileges could exploit this vulnerability to gain control over the system, posing a serious security threat to the organization.

Recommendation

It is recommended to restrict access to accounts with the Manager role and to monitor and audit activities in the iControl REST system.

Original NVD description (English source)

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS