CVE-2026-4170 | Topsec TopACM 3.0 HTTP Request nmc_sync.php template_path os command injection

A vulnerability described as critical has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument template_path can lead to os command injection.

This vulnerability is handled as CVE-2026-4170. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4170 | Topsec TopACM 3.0 HTTP Request nmc_sync.php template_path os command injection

Post correlati

CVE-2025-6253 | UiCore Elements Plugin up to 1.3.0 on WordPress prepare_template authorization

CVE-2025-15458 | bg5sbk MiniCMS up to 1.8 Article /mc-admin/post-edit.php improper authentication

CVE-2025-53492 | MintyDocs Extension up to 1.39.x/1.42.x/1.43.1 on Mediawiki cross site scripting

CVE-2024-49360 | sandboxie-plus Sandboxie up to 5.69.5 on Windows explorer.exe path traversal (GHSA-4chj-3c28-gvmp)