
Description

Due to improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be exploited if the attacker has some other way to write arbitrary data to the user table.

PUBLISHED Reserved 2026-03-23 | Published 2026-04-02 | Updated 2026-04-02 | Assigner CERTVDE




HIGH: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

0.0.0 (semver)
affected

Credits

Moritz Abrell, Christian Zäske from SySS GmbH (finder)

References

certvde.com/de/advisories/VDE-2026-030 vendor-advisory

mbconnectline.csaf-tp.certvde.com/.../2026/vde-2026-030.json vendor-advisory

cve.org (CVE-2026-33613)

nvd.nist.gov (CVE-2026-33613)
