CVE-2026-1185
Analyzed Analyzed - Analysis Complete
Improper Input Validation in Axis Device Configuration File

Publication date: 2026-05-12

Last updated on: 2026-05-19

Assigner: Axis Communications AB

Description
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker canΒ log in to the Axis device using SSH.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-12
Last Modified
2026-05-19
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-1185
EUVD
EUVD-2026-29386
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
axis axis_os From 12.0.0 (inc) to 12.10.37 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1185 is a vulnerability in AXIS OS versions 12.0.0 through 12.10.36 caused by improper input validation in a local configuration file. This flaw could allow an attacker who has SSH access to the device to execute code and potentially escalate their privileges on the system.

Impact Analysis

If exploited, this vulnerability could allow an attacker with SSH access to execute arbitrary code on the device and potentially escalate their privileges. This could lead to unauthorized control over the device, impacting its integrity and availability.

Detection Guidance

This vulnerability involves improper input validation in a local configuration file on Axis devices running AXIS OS versions 12.0.0 through 12.10.36. Detection requires verifying the device software version and checking for unauthorized SSH access.

Since exploitation requires SSH login, monitoring SSH access logs on the device can help detect potential attempts.

To detect if your device is vulnerable, you can check the AXIS OS version by running a command on the device's CLI such as:

  • show version

If the version is between 12.0.0 and 12.10.36, the device is vulnerable and should be updated.

Additionally, reviewing SSH login attempts can be done by checking the SSH logs, for example:

  • cat /var/log/auth.log | grep ssh

Note that no public exploits are known, so detection focuses on version checking and monitoring SSH access.

Mitigation Strategies

The immediate mitigation step is to update the AXIS OS software on your device to version 12.10.37 or later, where the vulnerability has been patched.

Restrict SSH access to trusted users only, and monitor SSH login attempts to prevent unauthorized access.

If updating immediately is not possible, consider disabling SSH access temporarily to reduce the risk of exploitation.

Contact Axis technical support for further assistance and guidance on securing your device.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1185. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart