CVE-2026-1427
Unknown Unknown - Not Provided
OS Command Injection in WellChoose Organization Portal Allows Remote Execution

Publication date: 2026-01-26

Last updated on: 2026-03-11

Assigner: TWCERT/CC

Description
Organization Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1427
EUVD
EUVD-2026-4707
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wellchoose single_sign-on_portal_system to iftop_p4_181 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1427 is an OS Command Injection vulnerability in the Organization Portal System developed by WellChoose. It allows authenticated remote attackers to inject and execute arbitrary operating system commands on the server, potentially compromising the system. This means that an attacker who has valid credentials can run malicious commands on the server, leading to serious security risks. [1, 2]

Impact Analysis

This vulnerability can have a high impact on confidentiality, integrity, and availability of the affected system. An attacker can execute arbitrary OS commands remotely, which may lead to unauthorized data access, data modification, or disruption of services. Because the attack requires only low privileges and no user interaction, it poses a significant risk to the security and stability of the server. [1, 2]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the affected systems (Electronic Catalog Service System and Single Sign-On Portal System) to version IFTOP_P4_181 or later. [1, 2]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1427. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart