CVE-2026-0774
Remote Code Execution via Argument Injection in WatchYourLAN
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchyourlan | watchyourlan | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0774 is a remote code execution vulnerability in WatchYourLAN's configuration page. It occurs because the software does not properly validate the 'arpstrs' parameter before using it in a system call. This allows an attacker who is network-adjacent to execute arbitrary code on the affected system without needing to authenticate, running with the privileges of the service account. [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows an attacker to execute arbitrary code remotely without authentication. This can lead to full compromise of the affected system, including unauthorized access, data theft, data modification, or disruption of service, since the attacker gains the same privileges as the service account running WatchYourLAN. [1]