A vulnerability was found in Shibby Tomato up to 1.28.0000. It has been classified as critical. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow.

This vulnerability appears as CVE-2026-15544. The attack may be initiated remotely. In addition, an exploit is available.

This project is superseded by FreshTomato.