CVE-2026-2952

Medium CVSS: 6.9

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Vaelsys

Product

Vaelsys

CWE

CWE-77

Yayın Tarihi

2026-02-22 14:16:02

Güncelleme

2026-02-25 18:16:24

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-77 Vaelsys MEDIUM Vaelsys 2026

Referanslar

https://github.com/CVE-Hunter-Leo/CVE/issues/10 https://vuldb.com/?ctiid.347318 https://vuldb.com/?id.347318 https://vuldb.com/?submit.755166

Benzer Kayıtlar

Medium

CVE-2025-8261

A vulnerability was found in Vaelsys 4.1.0 and classified as critical. This issue affects some unknown processing of the…

Low

CVE-2025-8260

A vulnerability has been found in Vaelsys 4.1.0 and classified as problematic. This vulnerability affects unknown code o…

Medium

CVE-2025-8259

A vulnerability, which was classified as critical, was found in Vaelsys 4.1.0. This affects the function execute_DataObj…