CVE-2026-3120 | THREATINT

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3.

PUBLISHED Reserved 2026-02-24 | Published 2026-05-04 | Updated 2026-05-04 | Assigner TR-CERT

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

5.1 (custom) before 5.3

affected

Credits

Kayra BÜYÜKLÜ finder

References

www.usom.gov.tr/bildirim/tr-26-0155 third-party-advisory

cve.org (CVE-2026-3120)

nvd.nist.gov (CVE-2026-3120)

Download JSON