A vulnerability classified as critical has been found in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code injection. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability appears as CVE-2026-15497. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.