CWE-94
Allowed-with-ReviewImproper Control of Generation of Code ('Code Injection')
Abstraction: Base · Status: Draft
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
8272 vulnerabilities reference this CWE, most recent first.
CVE-2026-22314 (GCVE-0-2026-22314)
Vulnerability from cvelistv5 – Published: 2026-05-20 10:29 – Updated: 2026-05-20 12:34- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://seccore.at/blog/cves-meona/ | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Mesalvo | Meona Client Launcher Component |
Affected:
0 , ≤ 19.06.2020 15:11:49
(custom)
|
|
| Mesalvo | Meona Server Component |
Affected:
0 , ≤ 2025.04 5+323020
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T12:29:31.474390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T12:34:04.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Meona Client Launcher Component",
"vendor": "Mesalvo",
"versions": [
{
"lessThanOrEqual": "19.06.2020 15:11:49",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Meona Server Component",
"vendor": "Mesalvo",
"versions": [
{
"lessThanOrEqual": "2025.04 5+323020",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users\u0027 systems.\u0026nbsp;This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users\u0027 systems.\u00a0This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T10:29:38.661Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://seccore.at/blog/cves-meona/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-22314",
"datePublished": "2026-05-20T10:29:38.661Z",
"dateReserved": "2026-01-07T09:31:00.563Z",
"dateUpdated": "2026-05-20T12:34:04.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21877 (GCVE-0-2026-21877)
Vulnerability from cvelistv5 – Published: 2026-01-08 00:39 – Updated: 2026-01-08 18:59| URL | Tags |
|---|---|
| https://github.com/n8n-io/n8n/security/advisories… | x_refsource_CONFIRM |
| https://github.com/n8n-io/n8n/commit/f4b009d00d1f… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T18:59:03.985457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T18:59:10.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n8n",
"vendor": "n8n-io",
"versions": [
{
"status": "affected",
"version": "\u003c 1.121.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T00:39:58.697Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263"
},
{
"name": "https://github.com/n8n-io/n8n/commit/f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/n8n-io/n8n/commit/f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6"
}
],
"source": {
"advisory": "GHSA-v364-rw7m-3263",
"discovery": "UNKNOWN"
},
"title": "n8n is vulnerable to Remote Code Execution via Arbitrary File Write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21877",
"datePublished": "2026-01-08T00:39:58.697Z",
"dateReserved": "2026-01-05T17:24:36.928Z",
"dateUpdated": "2026-01-08T18:59:10.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21853 (GCVE-0-2026-21853)
Vulnerability from cvelistv5 – Published: 2026-03-02 18:55 – Updated: 2026-03-02 19:19- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://github.com/toeverything/AFFiNE/security/a… | x_refsource_CONFIRM |
| https://github.com/toeverything/AFFiNE/pull/13864 | x_refsource_MISC |
| https://github.com/toeverything/AFFiNE/commit/c9a… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| toeverything | AFFiNE |
Affected:
< 0.25.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21853",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T19:18:43.190650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:19:18.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AFFiNE",
"vendor": "toeverything",
"versions": [
{
"status": "affected",
"version": "\u003c 0.25.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim\u2019s machine, without further interaction. This issue has been patched in version 0.25.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T18:55:04.978Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/toeverything/AFFiNE/security/advisories/GHSA-67vm-2mcj-8965"
},
{
"name": "https://github.com/toeverything/AFFiNE/pull/13864",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/toeverything/AFFiNE/pull/13864"
},
{
"name": "https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/toeverything/AFFiNE/commit/c9a4129a3e9376b688c18e1dcd6c87a775caac80"
}
],
"source": {
"advisory": "GHSA-67vm-2mcj-8965",
"discovery": "UNKNOWN"
},
"title": "AFFiNE: One-click Remote Code Execution through Custom URL Handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21853",
"datePublished": "2026-03-02T18:55:04.978Z",
"dateReserved": "2026-01-05T16:44:16.366Z",
"dateUpdated": "2026-03-02T19:19:18.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21658 (GCVE-0-2026-21658)
Vulnerability from cvelistv5 – Published: 2026-02-27 08:59 – Updated: 2026-02-27 13:07- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | Frick Controls Quantum HD |
Affected:
Frick Controls Quantum HD version 10.22 and prior
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T13:03:00.519122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T13:07:55.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Frick Controls Quantum HD",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "Frick Controls Quantum HD version 10.22 and prior"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team 82 Research group"
}
],
"datePublic": "2026-02-26T08:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.\u003cp\u003eThis issue affects Frick Controls Quantum HD version 10.22 and prior.\u003c/p\u003e"
}
],
"value": "Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T09:27:06.676Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01"
},
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Quantum HD version 10.22 through Version 11 is a previous product platform and is End Of support platform and should be upgraded to new platform with Quantum HD Unity version 12 and above. The update procedure can be found here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software..\"\u003ehttps://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software...\u003c/a\u003e.\u003cbr\u003eb. After the upgrade to version 12 is completed, ensure full alignment with hardening guide and apply all relevant security configurations.\u003cbr\u003ec. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at the following location\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\"\u003ehttps://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Quantum HD version 10.22 through Version 11 is a previous product platform and is End Of support platform and should be upgraded to new platform with Quantum HD Unity version 12 and above. The update procedure can be found here: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2026-21658",
"datePublished": "2026-02-27T08:59:13.878Z",
"dateReserved": "2026-01-02T13:23:28.169Z",
"dateUpdated": "2026-02-27T13:07:55.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21657 (GCVE-0-2026-21657)
Vulnerability from cvelistv5 – Published: 2026-02-27 08:54 – Updated: 2026-03-06 18:41- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | Frick Controls Quantum HD |
Affected:
Frick Controls Quantum HD version 10.22 and prior
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T16:32:44.914868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:41:29.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Frick Controls Quantum HD",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "Frick Controls Quantum HD version 10.22 and prior"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team 82 Research group"
}
],
"datePublic": "2026-02-26T08:48:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection.\u0026nbsp;Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.\u003cp\u003eThis issue affects Frick Controls Quantum HD version 10.22 and prior.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection.\u00a0Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T08:54:28.236Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01"
},
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Quantum HD version 10.22 through Version 11 is a previous product platform and is End Of support platform and should be upgraded to new platform with Quantum HD Unity version 12 and above.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe update procedure can be found here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf?sv=2018-03-28\u0026amp;si=frickweb1-174C1294FA7\u0026amp;sr=f\u0026amp;sig=us0dhk6IWmCvmDvBs02yJvC%2BjnzbxqZmb4QEpVVDkxY%3D\"\u003ehttps://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software...\u003c/a\u003e\u003c/span\u003e\u003cbr\u003eb. After the upgrade to version 12 is completed, ensure full alignment with hardening guide and apply all relevant security configurations.\u003cbr\u003ec. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at the following location\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\"\u003ehttps://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\u003c/a\u003e \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Quantum HD version 10.22 through Version 11 is a previous product platform and is End Of support platform and should be upgraded to new platform with Quantum HD Unity version 12 and above.\u00a0\n\nThe update procedure can be found here:\u00a0 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2026-21657",
"datePublished": "2026-02-27T08:54:28.236Z",
"dateReserved": "2026-01-02T13:23:28.169Z",
"dateUpdated": "2026-03-06T18:41:29.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21656 (GCVE-0-2026-21656)
Vulnerability from cvelistv5 – Published: 2026-02-27 08:47 – Updated: 2026-03-06 18:42- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | Frick Controls Quantum HD |
Affected:
Frick Controls Quantum HD version 10.22 and prior
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T16:35:47.486866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:42:45.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Frick Controls Quantum HD",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "Frick Controls Quantum HD version 10.22 and prior"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe of Claroty Team 82 Research group"
}
],
"datePublic": "2026-02-26T08:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection.\u0026nbsp;Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.\u003cp\u003eThis issue affects Frick Controls Quantum HD version 10.22 and prior.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection.\u00a0Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T08:47:21.490Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01"
},
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Quantum HD version 10.22 through Version 11 is a previous product platform and is End Of support platform and should be upgraded to new platform with Quantum HD Unity version 12 and above. The update procedure can be found here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf?sv=2018-03-28\u0026amp;si=frickweb1-174C1294FA7\u0026amp;sr=f\u0026amp;sig=us0dhk6IWmCvmDvBs02yJvC%2BjnzbxqZmb4QEpVVDkxY%3D\"\u003ehttps://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software...\u003c/a\u003e\u003cbr\u003eb. After the upgrade to version 12 is completed, ensure full alignment with hardening guide and apply all relevant security configurations.\u003cbr\u003ed. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at the following location \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "a. Quantum HD version 10.22 through Version 11 is a previous product platform and is End Of support platform and should be upgraded to new platform with Quantum HD Unity version 12 and above. The update procedure can be found here:\u00a0 https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software... https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf \nb. After the upgrade to version 12 is completed, ensure full alignment with hardening guide and apply all relevant security configurations.\nd. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at the following location"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2026-21656",
"datePublished": "2026-02-27T08:47:21.490Z",
"dateReserved": "2026-01-02T13:23:28.169Z",
"dateUpdated": "2026-03-06T18:42:45.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21537 (GCVE-0-2026-21537)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-05-11 21:25- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Defender for Endpoint for Linux |
Affected:
101.0.0 , < 1.0.9.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T04:55:57.681192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:45.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Defender for Endpoint for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.0.9.0",
"status": "affected",
"version": "101.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.9.0",
"versionStartIncluding": "101.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper control of generation of code (\u0027code injection\u0027) in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:25:33.944Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21537"
}
],
"title": "Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21537",
"datePublished": "2026-02-10T17:51:32.870Z",
"dateReserved": "2025-12-30T18:10:54.848Z",
"dateUpdated": "2026-05-11T21:25:33.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21256 (GCVE-0-2026-21256)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-05-11 21:25| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.14 |
Affected:
17.14.0 , < 17.14.26
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2026 version 18.3 |
Affected:
18.3.0 , < 18.3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T04:56:10.469863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:43.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2022 version 17.14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.14.26",
"status": "affected",
"version": "17.14.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2026 version 18.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.0",
"status": "affected",
"version": "18.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.14.26",
"versionStartIncluding": "17.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2026:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.0",
"versionStartIncluding": "18.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:25:39.432Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21256"
}
],
"title": "GitHub Copilot and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21256",
"datePublished": "2026-02-10T17:51:38.364Z",
"dateReserved": "2025-12-11T21:02:05.737Z",
"dateUpdated": "2026-05-11T21:25:39.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20892 (GCVE-0-2026-20892)
Vulnerability from cvelistv5 – Published: 2026-03-11 05:25 – Updated: 2026-03-11 15:39- CWE-94 - Code injection
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Research Ltd. | MR-GM5L-S1 |
Affected:
firmware versions prior to v2.01.04N1_02
|
|
| Micro Research Ltd. | MR-GM5A-L1 |
Affected:
firmware versions prior to v2.01.04N1_02
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T15:37:30.516008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:39:46.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MR-GM5L-S1",
"vendor": "Micro Research Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to v2.01.04N1_02"
}
]
},
{
"product": "MR-GM5A-L1",
"vendor": "Micro Research Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to v2.01.04N1_02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code injection",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T05:25:15.694Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.mrl.co.jp/download/security/JVNVU98103854.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98103854/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-20892",
"datePublished": "2026-03-11T05:25:15.694Z",
"dateReserved": "2026-03-10T01:23:02.687Z",
"dateUpdated": "2026-03-11T15:39:46.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GCVE-1-2026-20134 (CVE-2026-56446)
Vulnerability from gna-1 – Published: 2026-06-22 12:31 – Updated: 2026-06-23 05:57- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://github.com/MISP/MISP/commit/9600d486ccfc9… | patch |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"repo": "https://github.com/MISP/MISP/",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jakub Chyli\u0144ski"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by \u003ccode\u003eJsonLogTool\u003c/code\u003e. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a web-accessible directory and inject PHP code through logged data. Accessing the resulting file could lead to remote code execution with the privileges of the web server process.\u003c/p\u003e\u003cp\u003eThe fix restricts log destinations to existing directories beneath \u003ccode\u003eAPP/tmp/logs\u003c/code\u003e or \u003ccode\u003e/var/log\u003c/code\u003e, requires absolute paths, rejects stream wrappers and traversal-related input, and limits filenames to \u003ccode\u003e.log\u003c/code\u003e or \u003ccode\u003e.ndjson\u003c/code\u003e extensions while disallowing executable extension segments.\u003c/p\u003e"
}
],
"value": "MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a web-accessible directory and inject PHP code through logged data. Accessing the resulting file could lead to remote code execution with the privileges of the web server process.\n\nThe fix restricts log destinations to existing directories beneath APP/tmp/logs or /var/log, requires absolute paths, rejects stream wrappers and traversal-related input, and limits filenames to .log or .ndjson extensions while disallowing executable extension segments."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/9600d486ccfc98388e13897fd954350cebac5fb0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"cveId": "CVE-2026-56446",
"datePublished": "2026-06-22T12:31:00.000Z",
"dateReserved": "2026-06-22T12:31:00.000Z",
"dateUpdated": "2026-06-23T05:57:05.092862Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2026-20134"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Refactoring
Refactor your program so that you do not have to dynamically generate code.
Mitigation
- Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
- Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Mitigation MIT-32
Strategy: Compilation or Build Hardening
Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation MIT-32
Strategy: Environment Hardening
Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation
For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-242: Code Injection
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.