A vulnerability was found in Shibby Tomato up to 1.28.0000. It has been rated as critical. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection.

This vulnerability is known as CVE-2026-15546. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

This project is superseded by FreshTomato.