CVE-2026-3587
CLI Prompt Escape Vulnerability Enables Unauthenticated Root Access
Publication date: 2026-03-23
Last updated on: 2026-03-24
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wago | gmbh_and_co_kg | 852-1305 |
| wago | gmbh_and_co_kg | 852-1505 |
| wago | gmbh_and_co_kg | 852-1605 |
| wago | gmbh_and_co_kg | to 1.2.0.S1 (exc) |
| wago | gmbh_and_co_kg | 852-1816 |
| wago | gmbh_and_co_kg | 852-602 |
| wago | gmbh_and_co_kg | 852-603 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-3587 is a vulnerability in multiple models of WAGO managed switches that allows an unauthenticated remote attacker to exploit a hidden function in the device's CLI prompt."}, {'type': 'paragraph', 'content': 'By exploiting this hidden function, the attacker can escape the restricted interface and gain root access to the underlying Linux-based operating system.'}, {'type': 'paragraph', 'content': 'This leads to a full compromise of the device, affecting its confidentiality, integrity, and availability.'}] [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an unauthenticated attacker to fully compromise affected WAGO managed switches remotely.
- Complete control over the device by gaining root access.
- Potential loss of confidentiality, integrity, and availability of the device and its data.
- Disruption of network operations relying on the compromised device.
- Possible use of the compromised device as a foothold for further attacks within the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-3587 vulnerability, you should update the affected WAGO managed switches to the fixed firmware versions provided by the vendor.
- Update to firmware version V1.2.1.S1 for Lean Managed Switch models 852-1812 and 852-1813.
- Update to firmware version V1.2.3.S1 for model 852-1813/000-001.
- Update to firmware version V1.2.8.S1 for Industrial Managed Switch 852-303.
- Apply corresponding fixed firmware versions for other affected models as listed in the advisory.
These updates close the hidden CLI function exploit that allows unauthenticated remote attackers to gain root access and fully compromise the device.