CVE-2026-40456

Sažetak

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

Reference

https://cert.pl/posts/2026/06/CVE-2026-40455
https://github.com/chilek/lms/commit/9fcb4de19b7d76394898dbc124252b86b07ac0ed
https://lms.org.pl/

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

22-06-2026 - 17:49

Objavljeno

18-06-2026 - 14:17