Product
CVE-2026-60114 Sustainable Irrigation Platform Path Traversal Vulnerability
3 TTPs 1 CVEA path traversal vulnerability (CVE-2026-60114) in Sustainable Irrigation Platform (SIP) through version 5.2.16 allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files containing unvalidated keys, leading to potential remote code execution, persistence, and privilege escalation.
Command Injection in Sustainable Irrigation Platform cli_control Plugin
3 TTPs 3 CVEsA critical command injection vulnerability (CVE-2026-58479) exists in the optional cli_control plugin of Sustainable Irrigation Platform (SIP) versions up to 5.2.16, allowing unauthenticated or CSRF attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin's HTTP endpoint and triggering execution by activating an associated irrigation station.