{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/os-command-injection/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-3120"}],"_cs_exploited":false,"_cs_products":["SambaBox (\u003e= 5.1, \u003c 5.3)"],"_cs_severities":["critical"],"_cs_tags":["code-injection","os-command-injection","cve-2026-3120"],"_cs_type":"advisory","_cs_vendors":["Profelis Information and Consulting Trade and Industry Limited Company"],"content_html":"\u003cp\u003eCVE-2026-3120 is a critical vulnerability affecting SambaBox, a product by Profelis Information and Consulting Trade and Industry Limited Company. This vulnerability, categorized as an Improper Control of Generation of Code (\u0026lsquo;Code Injection\u0026rsquo;), allows for OS Command Injection. Specifically, SambaBox versions 5.1 up to (but not including) version 5.3 are affected. An attacker with high privileges can exploit this vulnerability to execute arbitrary commands on the underlying operating system, potentially leading to full system compromise. This vulnerability was reported by the Computer Emergency Response Team of the Republic of Turkey (USOM). 
Defenders should patch affected systems immediately or apply mitigations to prevent exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker with high privileges gains access to the SambaBox management interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request containing an OS command within a vulnerable input field.\u003c/li\u003e\n\u003cli\u003eThe SambaBox application fails to properly sanitize or validate the input.\u003c/li\u003e\n\u003cli\u003eThe application generates code incorporating the unsanitized input.\u003c/li\u003e\n\u003cli\u003eThe generated code is executed by the underlying operating system.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed with the privileges of the SambaBox application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to execute arbitrary commands on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the command execution to achieve persistence, escalate privileges further, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-3120 allows an attacker to execute arbitrary commands on the SambaBox server. This could lead to complete system compromise, including data theft, modification, or destruction. The vulnerability affects SambaBox installations from version 5.1 up to, but not including, 5.3, potentially impacting all organizations using these versions. 
Given the high CVSS score of 7.2, this vulnerability poses a significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SambaBox to version 5.3 or later to patch CVE-2026-3120.\u003c/li\u003e\n\u003cli\u003eApply the following Sigma rule to detect potential exploitation attempts by monitoring for suspicious process execution: \u0026ldquo;Detect SambaBox Command Injection\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual requests targeting SambaBox applications, specifically looking for attempts to inject OS commands.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T12:16:29Z","date_published":"2026-05-04T12:16:29Z","id":"/briefs/2026-05-sambabox-code-injection/","summary":"SambaBox versions 5.1 to before 5.3 are vulnerable to OS command injection via improper control of code generation (CVE-2026-3120), potentially allowing attackers with high privileges to execute arbitrary commands on the underlying system.","title":"SambaBox OS Command Injection Vulnerability (CVE-2026-3120)","url":"https://feed.craftedsignal.io/briefs/2026-05-sambabox-code-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-34937"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-34937","os command injection","praisonai"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePraisonAI, a multi-agent teams system, is susceptible to an OS command injection vulnerability affecting versions prior to 1.5.90. The vulnerability, identified as CVE-2026-34937, stems from the \u003ccode\u003erun_python()\u003c/code\u003e function\u0026rsquo;s construction of shell command strings. This function interpolates user-controlled code into a \u003ccode\u003epython3 -c \u0026quot;\u0026lt;code\u0026gt;\u0026quot;\u003c/code\u003e command and executes it using \u003ccode\u003esubprocess.run(..., shell=True)\u003c/code\u003e. 
The inadequate escaping logic, specifically the failure to escape \u003ccode\u003e$()\u003c/code\u003e and backtick substitutions, enables arbitrary OS command execution prior to Python\u0026rsquo;s invocation. Users of PraisonAI are urged to upgrade to version 1.5.90 or later to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an instance of PraisonAI running a version prior to 1.5.90.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious code containing OS command injection payloads using \u003ccode\u003e$()\u003c/code\u003e or backticks.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious code into a parameter or input field that is processed by the \u003ccode\u003erun_python()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erun_python()\u003c/code\u003e function constructs the shell command string, interpolating the attacker\u0026rsquo;s malicious code without proper escaping.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esubprocess.run()\u003c/code\u003e function executes the crafted shell command with \u003ccode\u003eshell=True\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s OS command is executed on the host system with the privileges of the PraisonAI application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the system, potentially enabling data exfiltration, system modification, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-34937) allows an attacker to execute arbitrary OS commands on the system running PraisonAI. This could lead to complete system compromise, data breaches, or denial of service. The severity is high because it allows unauthenticated or low-privileged users to gain complete control of the system. 
Organizations using affected versions of PraisonAI are at risk of significant data loss and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade PraisonAI to version 1.5.90 or later to patch CVE-2026-34937.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect PraisonAI OS Command Injection Attempt\u0026rdquo; to your SIEM to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for the execution of unexpected processes originating from the PraisonAI application to detect post-exploitation activity.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T23:17:06Z","date_published":"2026-04-03T23:17:06Z","id":"/briefs/2026-04-praisonai-os-command-injection/","summary":"PraisonAI versions prior to 1.5.90 are vulnerable to OS Command Injection (CVE-2026-34937) due to insufficient escaping in the run_python() function, allowing arbitrary OS command execution via shell interpolation.","title":"PraisonAI OS Command Injection Vulnerability (CVE-2026-34937)","url":"https://feed.craftedsignal.io/briefs/2026-04-praisonai-os-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2023-7338","ruckus","rce","os command injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2023-7338 is a critical remote code execution (RCE) vulnerability found in Ruckus Unleashed, a Wi-Fi network management solution. The vulnerability resides within the web-based management interface and requires the affected system to be operating in gateway mode. An authenticated attacker can exploit this flaw by crafting and sending malicious requests to the management interface, resulting in arbitrary code execution on the device. 
This vulnerability was reported by VulnCheck and assigned…\u003c/p\u003e\n","date_modified":"2026-03-26T20:16:08Z","date_published":"2026-03-26T20:16:08Z","id":"/briefs/2026-03-ruckus-rce/","summary":"CVE-2023-7338 is a remote code execution vulnerability affecting Ruckus Unleashed when gateway mode is enabled, allowing authenticated remote attackers to execute arbitrary code by sending specially crafted requests through the web-based management interface.","title":"Ruckus Unleashed Authenticated Remote Code Execution via CVE-2023-7338","url":"https://feed.craftedsignal.io/briefs/2026-03-ruckus-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-6849"}],"_cs_exploited":false,"_cs_products":["Pardus OS My Computer"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-6849","os command injection","pardus os"],"_cs_type":"advisory","_cs_vendors":["TUBITAK BILGEM Software Technologies Research Institute"],"content_html":"\u003cp\u003eCVE-2026-6849 is a critical vulnerability affecting Pardus OS My Computer, software developed by TUBITAK BILGEM Software Technologies Research Institute. This OS Command Injection vulnerability exists in versions \u0026lt;=0.7.5 and before 0.8.0. The vulnerability stems from the improper neutralization of special elements used in OS commands, potentially allowing an attacker to inject and execute arbitrary commands on the underlying operating system. Successful exploitation could lead to complete system compromise, data exfiltration, or denial-of-service conditions. 
Defenders should prioritize patching affected systems and implementing detection measures to identify and prevent exploitation attempts.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an input field within Pardus OS My Computer that is vulnerable to OS command injection.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input string containing special elements designed to be interpreted as OS commands.\u003c/li\u003e\n\u003cli\u003eThe vulnerable software fails to properly sanitize or neutralize these special elements.\u003c/li\u003e\n\u003cli\u003eThe software passes the unsanitized input string to an OS command interpreter (e.g., \u003ccode\u003esystem()\u003c/code\u003e, \u003ccode\u003eexec()\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe OS command interpreter executes the attacker\u0026rsquo;s injected commands with the privileges of the running application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the gained access to install malware, exfiltrate sensitive data, or perform other malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6849 can lead to a complete compromise of the affected Pardus OS My Computer system. This could allow attackers to gain unauthorized access to sensitive data, install malware, disrupt services, or pivot to other systems on the network. 
Given the critical nature of OS command injection vulnerabilities, organizations using affected versions of Pardus OS My Computer should prioritize patching and mitigation efforts.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Pardus OS My Computer to version 0.8.0 or later to patch CVE-2026-6849.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Pardus OS My Computer Processes\u003c/code\u003e to your SIEM to detect potential exploitation attempts via process creation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-pardus-os-command-injection/","summary":"CVE-2026-6849 is an OS Command Injection vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer versions \u003c=0.7.5 before 0.8.0, allowing an attacker to execute arbitrary OS commands due to improper neutralization of special elements.","title":"Pardus OS My Computer OS Command Injection Vulnerability (CVE-2026-6849)","url":"https://feed.craftedsignal.io/briefs/2024-01-pardus-os-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Os-Command-Injection","version":"https://jsonfeed.org/version/1.1"}