CVE-2026-1414
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1414
EUVD
EUVD-2026-4688
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sangfor operation_and_maintenance_security_management_system to 3.0.12 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1414 is a critical command injection vulnerability in the Sangfor Operation and Maintenance Security Management System (OSM) up to version 3.0.12. The flaw exists in the HTTP POST request handler function getInformation, specifically in the handling of the fortEquipmentIp parameter. This parameter is directly concatenated into a bash command without proper input validation or sanitization, allowing an attacker to inject arbitrary shell commands. These commands are executed with the privileges of the web application user. The vulnerability can be exploited remotely by sending a crafted POST request, leading to remote command execution on the affected system. [1, 2, 3]

Impact Analysis

This vulnerability can impact you by allowing an attacker to execute arbitrary commands on your system remotely, potentially compromising the confidentiality, integrity, and availability of the affected system. An attacker could run malicious commands with the privileges of the web application user, which may lead to unauthorized access, data leakage, system manipulation, or service disruption. Since the exploit is publicly available and easy to use, the risk of exploitation is significant. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /equipment/get_Information with a malicious fortEquipmentIp parameter that includes command injection payloads. For example, you can test by sending a POST request with fortEquipmentIp set to a value like '80; id > /tmp/test.txt;' and then check if the command output is reflected in the response or if the file /tmp/test.txt is created on the server. The presence of output such as user id information (e.g., uid=1005(webuser)) in the JSON response under the chkClsSer key confirms exploitation. Additionally, FOFA query `body="/fort/login" && product="SANGFOR-运维安全管理系统"` can be used to identify affected systems on the network. [2]

Mitigation Strategies

Currently, there are no known mitigations or countermeasures available for this vulnerability. The suggested immediate step is to replace the affected product version (up to 3.0.12) with an alternative solution that is not vulnerable. Monitoring for exploitation attempts and restricting access to the affected endpoint may help reduce risk temporarily, but the primary mitigation is to upgrade or replace the vulnerable system. [1]

Compliance Impact

This vulnerability impacts the confidentiality, integrity, and availability of the affected system by allowing remote command injection, which could lead to unauthorized access or control over sensitive data. Such impacts can lead to non-compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive information and system integrity. However, no specific details about compliance impact or regulatory violations are provided in the available resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1414. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart