Product
A critical vulnerability (CVE-2026-15497) exists in SonicCloudOrg's sonic-agent, affecting versions up to 2.7.2. The flaw resides within an unknown function in the `ExchangeController.java` file, specifically within the JWT Authentication Filter component of the `sonic-server-controller`. This vulnerability allows for remote code injection, and public exploits are available. The vendor was notified but has not responded, and the affected products are no longer supported.