critical advisory

Unauthenticated CLI Escape Vulnerability (CVE-2026-3587)

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface of a device, leading to full compromise and root access on the underlying Linux-based OS, as described in CVE-2026-3587.

CVE-2026-3587 describes a critical vulnerability affecting devices with a command-line interface (CLI). An unauthenticated remote attacker can exploit a hidden function within the CLI prompt to bypass intended restrictions and gain unauthorized access. This vulnerability allows the attacker to escape the restricted CLI environment and obtain root privileges on the underlying Linux-based operating system, leading to a complete system compromise. The vulnerability was reported by CERT VDE. A…

Detection coverage 2

Detect Potential CLI Escape via Process Creation

high

Detects suspicious process creation events originating from the CLI, which could indicate an attempt to escape the restricted environment and execute arbitrary commands.

sigma; tactics: privilege_escalation; techniques: T1068; sources: process_creation, linux

Detect CLI Interface Access from Unusual Source IP

medium

Detects network connections to the CLI interface originating from unusual or unexpected source IP addresses.

sigma; tactics: initial_access; techniques: T1190; sources: network_connection, linux


Indicators of compromise

1

url