CVE Catalog

CVE-2026-9717

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.19%

64th percentile — higher than 64% of all known CVEs

Summary

An OS Command Injection vulnerability (CWE-78) in a network service allows unauthorized execution of commands with elevated privileges. The flaw is triggered when a privileged authenticated user interacts with the vulnerable service.

Risk Assessment

The risk includes compromise of system integrity, confidentiality, and availability. An attacker could gain full control, exfiltrate data, or cause service disruption.

Recommendation

Immediately update the software to a patched version. Restrict access to the vulnerable service to trusted users and networks only.

Original NVD description (English source)

CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS