CVE-2026-1414 | Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

Inserito da Angelo Barbosa | Gen 25, 2026 | CVE

A vulnerability described as critical has been identified in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead to command injection.

This vulnerability is tracked as CVE-2026-1414. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-1414 | Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

Post correlati

CVE-2024-30633 | Tenda FH1205 2.0.0.7(775) /goform/WifiBasicSet formWifiBasicSet security stack-based overflow

CVE-2025-0374 | FreeBSD up to 13.4 p2/14.1 p6/14.2 etcupdate conflicts permission assignment

CVE-2025-13970 | OpenPLC v3 Setting cross-site request forgery

CVE-2024-43112 | Mozilla Firefox up to 128 on iOS Download Link cross site scripting