CVE-2026-5967
Privilege Escalation in ThreatSonar Anti-Ransomware via OS Command Injection

Publication date: 2026-04-20

Last updated on: 2026-04-20

Assigner: TWCERT/CC

Description
ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.
Meta Information
Published: 2026-04-20
Last Modified: 2026-04-20
Generated: 2026-05-07
AI Q&A: 2026-04-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: teamt5
Product: threatsonar_anti_ransomware
Version / Range: *
CWE
CWE ID: CWE-78
Description: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in ThreatSonar Anti-Ransomware developed by TeamT5. It is a Privilege Escalation vulnerability that allows authenticated remote attackers who already have shell access to inject operating system commands and execute them with root privileges.


How can this vulnerability impact me?

The impact of this vulnerability is severe because it allows attackers with limited privileges to escalate their access to root level. This means they can execute any command on the affected system with the highest level of privileges, potentially leading to full system compromise, data theft, or disruption of services.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The CVE-2026-5967 vulnerability allows authenticated remote attackers to escalate privileges and execute commands with root access, leading to full system compromise.

Such a vulnerability impacts confidentiality, integrity, and availability of data at high levels, which are critical aspects in compliance with standards like GDPR and HIPAA.

Failure to mitigate this vulnerability could result in unauthorized access to sensitive data, potentially violating data protection and privacy regulations.

Mitigation by installing the vendor-provided hotpatch is recommended to reduce the risk and help maintain compliance.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-5967 vulnerability in ThreatSonar Anti-Ransomware versions 4.0.0 and earlier, you should install the hotpatch or patch version 20260302 provided by the vendor.

This patch addresses the privilege escalation flaw that allows authenticated remote attackers with shell access to inject and execute OS commands with root privileges.

