← volver
CVE-2026-40456

OS Command Injection in LMS

CVSS 8.6 HIGHEPSS 0.9%CWE-78
An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
Productos afectados
LMS · LMS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert.pl/posts/2026/06/CVE-2026-40455https://github.com/chilek/lms/commit/9fcb4de19b7d76394898dbc124252b86b07ac0edhttps://lms.org.pl/