cvedb.io
CVE-2026-22313
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2026-06-16T20:16:28.710 · Last modified 2026-06-17T17:16:43.687

Summary

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.