CVE-2026-1185
Received - Intake
Improper Input Validation in Axis Device Configuration File

Publication date: 2026-05-12

Last updated on: 2026-05-12

Assigner: Axis Communications AB

Description
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.
Affected Vendors & Products
Vendor | Product | Version / Range
axis | axis_os | From 12.0.0 (inc) to 12.10.36 (inc)
CWE ID | Description
CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1185 is a vulnerability in AXIS OS versions 12.0.0 through 12.10.36 caused by improper input validation in a local configuration file. This flaw could allow an attacker who has SSH access to the device to execute code and potentially escalate their privileges on the system.


How can this vulnerability impact me?

If exploited, this vulnerability could allow an attacker with SSH access to execute arbitrary code on the device and potentially escalate their privileges. This could lead to unauthorized control over the device, impacting its integrity and availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves improper input validation in a local configuration file on Axis devices running AXIS OS versions 12.0.0 through 12.10.36. Detection requires verifying the device software version and checking for unauthorized SSH access.

Since exploitation requires SSH login, monitoring SSH access logs on the device can help detect potential attempts.

To detect if your device is vulnerable, you can check the AXIS OS version by running a command on the device's CLI such as:

  • show version

If the version is between 12.0.0 and 12.10.36, the device is vulnerable and should be updated.

Additionally, reviewing SSH login attempts can be done by checking the SSH logs, for example:

  • grep ssh /var/log/auth.log

Note that no public exploits are known, so detection focuses on version checking and monitoring SSH access.
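
An added example, not part of the original page or any Axis tooling: triaging a firmware inventory against the affected range listed above (12.0.0 through 12.10.36, both inclusive). It compares versions numerically, because a plain string comparison sorts 12.9.x after 12.10.36 and would miss it. The device names and versions in the sample inventory are constructed, and the three-field version format is an assumption.

```python
import re

# Affected range as listed on this page (both bounds inclusive).
AFFECTED_MIN = (12, 0, 0)
AFFECTED_MAX = (12, 10, 36)

# Assumption: versions are reported as three dot-separated integers.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the format differs."""
    m = _VERSION_RE.match(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'in_range', 'outside_range' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # do not guess: route to manual review
    # Tuple comparison is numeric per field, so (12, 9, 58) < (12, 10, 36).
    return "in_range" if AFFECTED_MIN <= v <= AFFECTED_MAX else "outside_range"


def triage(inventory):
    """Map device name -> classification for a {name: version} inventory."""
    return {name: classify(ver) for name, ver in inventory.items()}


# Constructed sample inventory (device names and versions are made up).
SAMPLE_INVENTORY = {
    "cam-lobby": "12.0.0",
    "cam-dock": "12.9.58",
    "cam-roof": "12.10.36",
    "cam-gate": "12.10.37",
    "cam-lab": "11.11.70",
    "cam-old": "12.x-beta",
}

if __name__ == "__main__":
    for name, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{name:10s} {SAMPLE_INVENTORY[name]:10s} {status}")
```

Devices reported as `unknown` have a version string the parser could not read and should be checked by hand.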


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the AXIS OS software on your device to version 12.10.37 or later, where the vulnerability has been patched.

Restrict SSH access to trusted users only, and monitor SSH login attempts to prevent unauthorized access.

If updating immediately is not possible, consider disabling SSH access temporarily to reduce the risk of exploitation.

Contact Axis technical support for further assistance and guidance on securing your device.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

