CVE-2026-11408

Exploit

EPSS 1.11%
Veröffentlicht 06.06.2026 10:30:10
Zuletzt bearbeitet 08.06.2026 14:57:14
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The name of the patch is 805d82e7100d49b79b3beb1b9420e8e458987198. It is best practice to apply a patch to resolve this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 11

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellervertex-app

≫

Produkt vertex

Version 2026.02.0

Status affected

Version 2026.02.1

Status affected

Version 2026.02.2

Status affected

Version 2026.02.3

Status affected

Version 2026.02.4

Status affected

Version 2026.02.5

Status affected

Version 2026.02.6

Status affected

Version 2026.02.7

Status affected

Version 2026.02.8

Status affected

Version 2026.02.9

Status affected

Version 2026.02.10

Status affected

Version 2026.02.11

Status affected

Version 2026.02.12

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.11%	0.617

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://vuldb.com/vuln/368967

https://vuldb.com/vuln/368967/cti

https://vuldb.com/cve/CVE-2026-11408

https://vuldb.com/submit/818442

https://gist.github.com/menelausx/e632faba4014474fcef6a1f541ca3e4e

https://drive.google.com/drive/folders/1DO-kB1eUoB1CksJ_ZKzpUaX0kp5Rgm_T?usp=sharing

https://github.com/vertex-app/vertex/commit/805d82e7100d49b79b3beb1b9420e8e458987198

https://github.com/vertex-app/vertex/

https://nvd.nist.gov/vuln/detail/CVE-2026-11408

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-11408

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-11408

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-11408