HIGH🇬🇧 English

CVE-2026-31386

CVSS 8.6v4.0pub. 2026-03-16upd. 2026-06-08

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Litespeedtech Litespeed Web Server

    APP
    Litespeedtech
    < 6.3.5
  • Litespeedtech Openlitespeed

    APP
    Litespeedtech
    ≤ 1.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2020-5519CRITICAL9.8ten sam produkt

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by t...

CVE-2023-40518HIGH7.5ten sam produkt

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.

CVE-2022-0074HIGH8.8ten sam produkt

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Serve...

CVE-2022-0073HIGH8.8ten sam produkt

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web S...

CVE-2021-26758HIGH8.8ten sam produkt

Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain...