Tag
#Command Injection
Critical Vulnerability in UniFi Connect Application: CVE-2026-50746
A critical Improper Access Control vulnerability (CVE-2026-50746) with a CVSS score of 10 has been discovered in the UniFi Connect Application. This vulnerability allows a malicious actor with network access to execute Command Injection on the host device. The affected version is UniFi Connect Application < 3.4.20. Immediate patching is recommended to prevent potential exploitation.
Rancher Vulnerable to Command Injection via Unsanitized YAML Parameter (CVE-2026-44939)
A critical command injection vulnerability (CVE-2026-44939, CVSS 9.4) has been identified in Rancher Manager's cluster import endpoint. An attacker can exploit this flaw by injecting malicious YAML configurations, potentially achieving full control over downstream Kubernetes clusters. Affected versions of Rancher must be updated to patched releases to mitigate this vulnerability.
Authenticated Command Injection in Coolify: CVE-2026-27957
A critical vulnerability (CVE-2026-27957) with a CVSS score of 8.8 was discovered in Coolify, an open-source tool for managing servers, applications, and databases. This authenticated command injection vulnerability allows any authenticated user to execute arbitrary commands as the configured SSH user on the managed server host, potentially leading to complete compromise of the managed server and associated docker containers. The vulnerability is fixed in version 4.0.0-beta.464. Organizations using Coolify should immediately upgrade to the patched version.
Understanding and Defending Against Command Injection in ANTLR4
This educational analysis focuses on CVE-2026-13501, a command injection vulnerability in ANTLR4 up to version 4.13.2. The vulnerability allows for local command injection through the manipulation of the GoTarget function in the GoTarget.java file. Understanding the root cause, attack surface, and exploitation mechanics is crucial for security practitioners to defend against such threats.