CVE-2026-1414 | Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

Inserito da Angelo Barbosa | Gen 25, 2026 | CVE

A vulnerability described as critical has been identified in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead to command injection.

This vulnerability is tracked as CVE-2026-1414. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-1414 | Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

Post correlati

CVE-2024-40585 | Fortinet FortiAnalyzer log file (FG-IR-24-311)

CVE-2025-10674 | fuyang_lipengjun platform 1.0 queryAll AttributeCategoryController improper authorization

CVE-2025-11955 | TheGreenBow VPN Client Windows Enterprise 7.5/7.6 OCSP Certificate improper check for certificate revocation

CVE-2024-1575 | Zyxel WBE660S up to 6.70(ACGG.3) Configuration File privileges management