CVE-2026-53694 | THREATINT

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2.

PUBLISHED Reserved 2026-06-10 | Published 2026-06-10 | Updated 2026-06-10 | Assigner CIRCL

HIGH: 7.3CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Product status

Default status

unaffected

Any version before 9.5.7

affected

Any version before 8.23.2

affected

Credits

Vonmetz Tobias finder

References

kb.nomachine.com/SU05X00274 release-notes

kb.nomachine.com/SU05X00275 release-notes

cve.org (CVE-2026-53694)

nvd.nist.gov (CVE-2026-53694)

Download JSON