{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/axis/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":6.7,"id":"CVE-2026-0541"},{"cvss":6,"id":"CVE-2026-0802"},{"cvss":6.7,"id":"CVE-2026-0804"},{"cvss":5.4,"id":"CVE-2026-1185"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Axis OS Active Track"],"_cs_severities":["critical"],"_cs_tags":["vulnerability","rce","privilege-escalation"],"_cs_type":"threat","_cs_vendors":["Axis"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in Axis products that could allow an attacker to perform remote code execution (RCE) and escalate privileges. The affected software is Axis OS versions 12.10.x prior to 12.10.37 and 12.9.x prior to 12.9.33 when running Active Track. These vulnerabilities, identified as CVE-2026-0541, CVE-2026-0802, CVE-2026-0804, and CVE-2026-1185, pose a significant risk to systems running the affected versions. Successful exploitation could allow an attacker to gain complete control over the affected device. Defenders should apply patches as soon as possible.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Axis device running a susceptible version of Axis OS with Active Track enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted network request to the device, targeting one of the exploitable vulnerabilities (CVE-2026-0541, CVE-2026-0802, CVE-2026-0804, or CVE-2026-1185).\u003c/li\u003e\n\u003cli\u003eThe vulnerable software improperly handles the request, leading to memory corruption or other exploitable conditions.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code into the device\u0026rsquo;s memory.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the device.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges to gain administrative or root access.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the elevated privileges to install malware, modify configurations, or steal sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised device as a pivot point to attack other devices on the network, or maintains persistence for future access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities allows attackers to achieve remote code execution and privilege escalation on affected Axis devices. This could lead to a complete compromise of the device, allowing attackers to steal sensitive data, install malware, or use the device as a foothold to attack other systems on the network. The number of potential victims depends on the number of deployed devices running the vulnerable versions of Axis OS with Active Track.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patches provided by Axis to address CVE-2026-0541, CVE-2026-0802, CVE-2026-0804, and CVE-2026-1185 on all affected Axis OS Active Track devices (see References).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity targeting Axis devices, such as unexpected requests to exposed services using a network intrusion detection system.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Axis Network Activity\u0026rdquo; to identify potential exploitation attempts in network connection logs.\u003c/li\u003e\n\u003cli\u003eUpgrade Axis OS to a version that is not affected by these vulnerabilities to prevent exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T14:11:24Z","date_published":"2026-05-12T14:11:24Z","id":"https://feed.craftedsignal.io/briefs/2026-05-axis-vulns/","summary":"Multiple vulnerabilities in Axis products allow remote arbitrary code execution and privilege escalation in Axis OS versions 12.10.x prior to 12.10.37 and 12.9.x prior to 12.9.33 for Active Track.","title":"Multiple Vulnerabilities in Axis Products Allow Remote Code Execution and Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-axis-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Axis","version":"https://jsonfeed.org/version/1.1"}