Vendor
A critical command injection vulnerability (CVE-2026-58479) exists in the optional cli_control plugin of Sustainable Irrigation Platform (SIP) versions up to 5.2.16, allowing unauthenticated or CSRF attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin's HTTP endpoint and triggering execution by activating an associated irrigation station.