CVE-2026-11408 | vertex-app vertex up to 2026.02.12 Log Viewer Endpoint app/model/LogMod.js req.query os command injection

Inserito da Angelo Barbosa | Giu 5, 2026 | CVE

A vulnerability labeled as critical has been found in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection.

This vulnerability is documented as CVE-2026-11408. The attack can be executed remotely. Additionally, an exploit exists.

It is best practice to apply a patch to resolve this issue.

CVE-2026-11408 | vertex-app vertex up to 2026.02.12 Log Viewer Endpoint app/model/LogMod.js req.query os command injection

Post correlati

CVE-2024-47126 | goTenna Pro Series up to 1.6.1 weak prng (icsa-24-270-04)

CVE-2026-23940 | hexpm hex.pm resource consumption

CVE-2025-22821 | vfthemes StorePress Plugin up to 1.0.12 on WordPress cross site scripting

CVE-2026-1341 | Avation Light Engine Pro missing authentication (icsa-26-034-02)