← voltar
CVE-2026-10539

Unauthenticated command injection in Control-M/Server communication command

CVSS 9.5 CRITICALEPSS 0.2%CWE-305
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server.  This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
BMC · Control-M/Server