CVE-2026-24788

High CVSS: 8.7

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.

Vendor

Product

CWE

CWE-78

Yayın Tarihi

2026-02-02 05:16:03

Güncelleme

2026-02-03 16:44:36

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-78 HIGH 2026

Referanslar

https://github.com/RaspAP/raspap-webgui/releases https://jvn.jp/en/jp/JVN27202136/