CRITICAL🇵🇱 Wersja polska

CVE-2026-39006

CVSS 9.8pub. 2026-06-15upd. 2026-06-16

An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.

🤖 AI Analysis
How it works

The vulnerability lies in the snmp4jCfgStoragePath component, which is responsible for handling the path to store the SNMP agent configuration. Identified error types (CWE-73 — external control of file name or path, CWE-284 — improper access control, CWE-502 — deserialization of untrusted data) indicate that an attacker can supply a crafted path value or deserialization payload, resulting in execution of code controlled by the attacker on the server side. The attack does not require authentication or user interaction and can be conducted remotely over the network.

Impact

An attacker can gain full control over the system running SNMP4J-Agent, including access to sensitive data, the ability to modify configuration, and potential takeover of the entire network environment managed by the agent.

Mitigation & patch

Patches available from the vendor should be applied according to references. Until the fix is deployed, it is recommended to restrict network access to SNMP ports exclusively to trusted management hosts and monitor attempts of unauthorized access to the agent.

Who is affected

SNMP4J-Agent version 3.8.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References