CVE-2026-1414
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Meta Information
Published: 2026-01-26
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-01-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: sangfor
Product: operation_and_maintenance_security_management_system
Version / Range: to 3.0.12 (inc)
CWE
CWE-77: The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74: The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1414 is a critical command injection vulnerability in the Sangfor Operation and Maintenance Security Management System (OSM) up to version 3.0.12. The flaw exists in the HTTP POST request handler function getInformation, specifically in the handling of the fortEquipmentIp parameter. This parameter is directly concatenated into a bash command without proper input validation or sanitization, allowing an attacker to inject arbitrary shell commands. These commands are executed with the privileges of the web application user. The vulnerability can be exploited remotely by sending a crafted POST request, leading to remote command execution on the affected system. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker to execute arbitrary commands on your system remotely, potentially compromising the confidentiality, integrity, and availability of the affected system. An attacker could run malicious commands with the privileges of the web application user, which may lead to unauthorized access, data leakage, system manipulation, or service disruption. Since the exploit is publicly available and easy to use, the risk of exploitation is significant. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /equipment/get_Information with a fortEquipmentIp parameter that includes a command injection payload. For example, you can test by sending a POST request with fortEquipmentIp set to a value like '80; id > /tmp/test.txt;' and then checking whether the command output is reflected in the response or whether the file /tmp/test.txt is created on the server. The presence of output such as user id information (e.g., uid=1005(webuser)) in the JSON response under the chkClsSer key confirms exploitation. Additionally, the FOFA query `body="/fort/login" && product="SANGFOR-运维安全管理系统"` can be used to identify affected systems on the network. [2]


What immediate steps should I take to mitigate this vulnerability?

Currently, there are no known mitigations or countermeasures available for this vulnerability. The suggested immediate step is to replace the affected product version (up to 3.0.12) with an alternative solution that is not vulnerable. Monitoring for exploitation attempts and restricting access to the affected endpoint may help reduce risk temporarily, but the primary mitigation is to upgrade or replace the vulnerable system. [1]
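
One way to carry out the monitoring mentioned above, as an added example that is not from the advisory or the vendor: a Python filter over reverse-proxy records that flags POSTs to /equipment/get_Information whose fortEquipmentIp is not a plain address. The record schema, the premise that request bodies are logged, and the IP-literal allowlist are assumptions of this example.

```python
import json
import re
from urllib.parse import parse_qs

ENDPOINT = "/equipment/get_Information"   # path named in the advisory
PARAM = "fortEquipmentIp"                 # parameter named in the advisory
# Assumption: legitimate values are IPv4/IPv6 literals, so only hex digits,
# '.' and ':' are expected; anything else is reported.
ALLOWED = re.compile(r"[0-9A-Fa-f.:]{1,45}")

def extract_values(body, content_type):
    """Return every fortEquipmentIp value in a form-encoded or JSON body."""
    if "json" in content_type:
        try:
            doc = json.loads(body)
        except ValueError:
            return []
        val = doc.get(PARAM) if isinstance(doc, dict) else None
        return [] if val is None else [str(val)]
    # parse_qs percent-decodes, so %3B and '+' are normalised before matching
    return parse_qs(body, keep_blank_values=True).get(PARAM, [])

def suspicious_requests(records):
    """Return (source_ip, value) for POSTs whose value fails the allowlist."""
    hits = []
    for rec in records:
        if rec["method"] != "POST" or rec["path"].split("?")[0] != ENDPOINT:
            continue
        for value in extract_values(rec["body"], rec.get("content_type", "")):
            if not ALLOWED.fullmatch(value):
                hits.append((rec["src"], value))
    return hits

# Constructed sample records (hypothetical proxy log schema, not real traffic)
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "path": ENDPOINT,
     "content_type": "application/x-www-form-urlencoded",
     "body": "fortEquipmentIp=10.0.0.5"},
    {"src": "198.51.100.7", "method": "POST", "path": ENDPOINT,
     "content_type": "application/x-www-form-urlencoded",
     "body": "fortEquipmentIp=80%3B+id+%3E+%2Ftmp%2Ftest.txt%3B"},
    {"src": "198.51.100.7", "method": "POST", "path": ENDPOINT,
     "content_type": "application/json",
     "body": '{"fortEquipmentIp": "80; id > /tmp/test.txt;"}'},
    {"src": "192.0.2.10", "method": "GET", "path": "/fort/login",
     "content_type": "", "body": ""},
]

if __name__ == "__main__":
    for src, value in suspicious_requests(SAMPLE):
        print(f"ALERT src={src} {PARAM}={value!r}")
```

The same allowlist can be enforced as a blocking rule at the proxy in front of the appliance, which matches the advice to restrict access to the affected endpoint.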


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability impacts the confidentiality, integrity, and availability of the affected system by allowing remote command injection, which could lead to unauthorized access or control over sensitive data. Such impacts can lead to non-compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive information and system integrity. However, no specific details about compliance impact or regulatory violations are provided in the available resources. [1]

