NIS2 & DORA Compliance

Regulatory triage for vulnerability prioritization – classification based on existing CVE data

Regulatory Triage ICT Providers
NIS2 Relevant
433
DORA Relevant
65
Internet-Facing
368
Third-Party ICT
65
Unpatched
437
Exploited
67
Framework:
Period:
Sort:
CVE-2026-5976
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via crafted sambaEnabled parameter in setStorageCfg function of /cgi-bin/cstecgi.cgi CGI handler. Publicly available exploit code exists. Network-reachable attack vector requires no user interaction, enabling full system compromise of affected routers.
NIS2 Edge exposure No patch available PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-78: OS Command Injection)
  • Proof of concept available
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.9
CVSS 4.0
0.9%
EPSS
64
Priority
CVE-2026-5978
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'mode' parameter in the setWiFiAclRules function (/cgi-bin/cstecgi.cgi). Publicly available exploit code exists. Attackers can achieve complete device compromise with high impact to confidentiality, integrity, and availability of the router. No authentication required for exploitation (CVSS PR:N).
NIS2 Edge exposure No patch available PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-78: OS Command Injection)
  • Proof of concept available
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.9
CVSS 4.0
0.9%
EPSS
64
Priority
CVE-2026-5975
OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the wanIdx parameter in the setDmzCfg function within /cgi-bin/cstecgi.cgi. CVSS 8.9 (Critical) with attack complexity low, no privileges required, and no user interaction. Publicly available exploit code exists. Exploitation enables complete compromise of device confidentiality, integrity, and availability with total technical impact.
NIS2 Edge exposure No patch available PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-78: OS Command Injection)
  • Proof of concept available
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.9
CVSS 4.0
0.9%
EPSS
64
Priority
CVE-2026-22683
Authorization bypass in Windmill 1.56.0-1.614.0 enables Operator role users to escalate privileges to remote code execution. Operators can bypass documented role restrictions via unprotected backend API endpoints to create/modify scripts, flows, and apps, then execute arbitrary code through the jobs API. Public exploit code exists (GitHub: Chocapikk/Windfall). EPSS data unavailable, but the low attack complexity (AC:L), network access vector (AV:N), and availability of weaponized POC indicate elevated real-world risk for self-hosted Windmill deployments with Operator-level users.
NIS2 Edge exposure No patch available Management plane PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass, rce
  • Proof of concept available
  • No patch available
  • Management plane (Missing Authorization)
  • Strong evidence (KEV / high EPSS / multi-source)
8.7
CVSS 4.0
0.2%
EPSS
64
Priority
CVE-2026-22666
Remote code execution in Dolibarr ERP/CRM versions prior to 23.0.2 allows authenticated administrators to execute arbitrary system commands by exploiting inadequate input validation in the dol_eval_standard() function. The vulnerability enables attackers to bypass security controls using PHP dynamic callable syntax through computed extrafields or other evaluation paths. With a CVSS score of 7.2 and publicly available exploit code documented by Jiva Security, this represents an elevated risk for organizations running unpatched Dolibarr instances, though exploitation requires high-privilege administrator access (CVSS:3.1/PR:H), limiting the attack surface to insider threats or compromised admin accounts.
NIS2 Edge exposure PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-95: Eval Injection)
  • Proof of concept available
  • Strong evidence (KEV / high EPSS / multi-source)
8.6
CVSS 4.0
0.1%
EPSS
63
Priority
CVE-2026-5684
Stack-based buffer overflow in Tenda CX12L router firmware version 16.03.53.12 enables adjacent network attackers with low-level credentials to execute arbitrary code or crash the device. The vulnerability resides in the webExcptypemanFilter function's handling of the 'page' parameter. Publicly available exploit code exists (GitHub POC published), elevating immediate risk for exposed devices. CVSS 8.6 reflects high impact across confidentiality, integrity, and availability within the adjacent network attack surface.
No patch available PoC
Why flagged?
8.6
CVSS 4.0
0.0%
EPSS
63
Priority
CVE-2026-29002
Privilege escalation in CouchCMS allows authenticated Admin-level users to create SuperAdmin accounts by manipulating the f_k_levels_list parameter during user creation requests. Attackers modify the parameter value from 4 to 10 in HTTP POST bodies to bypass authorization controls and gain unrestricted application access. This authenticated attack (PR:H) enables lateral privilege movement from Admin to SuperAdmin, circumventing intended role hierarchy enforcement. Publicly available exploit code exists, lowering exploitation barrier for actors with existing Admin credentials.
NIS2 Edge exposure No patch available Management plane PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Proof of concept available
  • No patch available
  • Management plane (Authorization Bypass via User-Controlled Key)
  • Strong evidence (KEV / high EPSS / multi-source)
8.6
CVSS 4.0
0.0%
EPSS
63
Priority
CVE-2026-35020
OS command injection in Anthropic Claude Code CLI and Claude Agent SDK for Python allows local attackers to execute arbitrary commands by poisoning the TERMINAL environment variable with shell metacharacters. The vulnerability affects both normal CLI operations and deep-link handlers, enabling privilege escalation to the user context running the CLI. Publicly available exploit code exists. With CVSS 8.6 (High) severity, this presents significant risk in CI/CD pipelines and developer environments where environment variables may be attacker-controlled.
NIS2 Edge exposure No patch available PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-78: OS Command Injection)
  • Proof of concept available
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.6
CVSS 4.0
0.1%
EPSS
63
Priority
CVE-2026-35021
OS command injection in Anthropic Claude Code CLI and Claude Agent SDK for Python enables arbitrary command execution via malicious file paths containing shell metacharacters. Local attackers can exploit POSIX shell command substitution within double-quoted strings to execute commands with user privileges. Publicly available exploit code exists. With CVSS 8.4 (High) and local attack vector requiring user interaction, this represents elevated risk in CI/CD pipelines and development environments where untrusted file paths may be processed.
NIS2 Edge exposure No patch available PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-78: OS Command Injection)
  • Proof of concept available
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
8.4
CVSS 4.0
0.0%
EPSS
62
Priority
CVE-2026-4338
Improper access control in the ActivityPub WordPress plugin before 8.0.2 exposes draft, scheduled, and pending posts to unauthenticated remote users, resulting in confidentiality breach. This information disclosure vulnerability (CVSS 7.5) allows network-based attackers to access unpublished content without authentication or user interaction. Publicly available exploit code exists, though no confirmed active exploitation (not in CISA KEV). EPSS score of 0.02% (6th percentile) suggests low current exploitation probability despite POC availability, but SSVC framework marks it as automatable with partial technical impact.
No patch available PoC
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
58
Priority
CVE-2026-6123
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code with high privileges via crafted 'entrys' parameter to the /goform/addressNat endpoint. The vulnerability resides in the fromAddressNat function of the httpd component. Public exploit code is available (GitHub), with EPSS indicating moderate exploitation probability. Requires low-privilege authentication (PR:L) but has low attack complexity (AC:L), making it accessible to attackers with basic router credentials.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.1%
EPSS
57
Priority
CVE-2026-5830
Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.18 websGetVar function allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/SysToolChangePwd endpoint where manipulation of oldPwd, newPwd, or cfmPwd parameters triggers memory corruption. Publicly available exploit code exists. Exploitation requires low-privilege authenticated access but no user interaction, making it readily exploitable once credentials are obtained.
NIS2 Edge exposure No patch available PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • Proof of concept available
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-5609
Stack-based buffer overflow in Tenda i12 router firmware 1.0.0.11(3862) allows authenticated remote attackers to execute arbitrary code via the WiFi SSID configuration interface. The vulnerability is exploitable over the network with low complexity through manipulation of the 'index' or 'wl_radio' parameters in the formwrlSSIDset function. With publicly available exploit code (GitHub POC) and a CVSS score of 8.8, this presents immediate risk to exposed management interfaces. EPSS data not provided, but the combination of network accessibility, authentication bypass potential, and weaponized exploit elevates real-world risk.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6016
Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 enables authenticated remote attackers to execute arbitrary code or crash the device. The vulnerability resides in the decodePwd function within /goform/WizardHandle POST request handler, triggered by manipulating the WANS parameter. Attack requires low-privilege authentication but no user interaction. CVSS 8.8 (High) reflects potential for complete system compromise. Publicly available exploit code exists; no confirmed active exploitation (CISA KEV).
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6120
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise through the DHCP client list function. The vulnerability exists in the httpd service's /goform/DhcpListClient endpoint via the 'page' parameter. Publicly available exploit code exists (GitHub POC published), enabling low-complexity attacks that can result in full confidentiality, integrity, and availability compromise. CVSS 8.8 reflects high impact across all security objectives with minimal attack complexity, though low-privileged authentication is required.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6015
Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 allows authenticated remote attackers to execute arbitrary code via crafted PPPOEPassword parameter to formQuickIndex endpoint. Attack requires low-privilege credentials but no user interaction, enabling complete device compromise. Publicly available exploit code exists. CVSS 8.8 reflects network-accessible attack path with high impact to confidentiality, integrity, and availability.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-5604
Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to execute arbitrary code via crafted 'standard' parameter to the formCertLocalPrecreate function in /goform/CertLocalPrecreate endpoint. Publicly available exploit code exists (GitHub), CVSS 7.4 (High), but no active exploitation confirmed (not in CISA KEV). CVSS vector indicates low attack complexity with required authentication (PR:L), affecting all three confidentiality, integrity, and availability at high impact levels.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6122
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in the httpd component's frmL7ProtForm function when processing the 'page' parameter in /goform/L7Prot. Publicly available exploit code exists (GitHub POC published), enabling attackers with low-privilege credentials to achieve full system compromise. CVSS 8.8 (High) with low attack complexity and no user interaction required. No vendor-released patch identified at time of analysis.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6121
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to achieve full system compromise via crafted HTTP requests to the wireless client configuration endpoint. The vulnerability (CVSS 8.8) exists in the WrlclientSet function within the httpd service and requires only low-privilege authentication. Publicly available exploit code has been published on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed in CISA KEV at time of analysis.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6124
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise via the SafeMacFilter function. The vulnerability is exploitable over the network with low complexity, requiring only basic user credentials. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier for exploitation. CVSS 8.8 (High) severity with potential for code execution, data theft, and device takeover.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6014
Buffer overflow in D-Link DIR-513 firmware 1.10 formAdvanceSetup function enables authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in POST request handling at /goform/formAdvanceSetup endpoint, where insufficient input validation of the 'webpage' parameter triggers memory corruption. Publicly available exploit code exists. This router model is end-of-life with no vendor support.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6012
Buffer overflow in D-Link DIR-513 1.10 formSetPassword function allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Exploitation occurs through POST request manipulation of the curTime parameter in /goform/formSetPassword endpoint. This end-of-life product receives no vendor support, and publicly available exploit code exists. Attack requires low-privilege authentication (CVSS PR:L) but no user interaction, enabling straightforward remote exploitation once credentials are obtained.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-6013
Buffer overflow in D-Link DIR-513 1.10 POST request handler allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The formSetRoute function improperly validates the curTime parameter, enabling memory corruption attacks. Publicly available exploit code exists. This vulnerability affects end-of-life hardware no longer supported by D-Link, leaving no vendor remediation pathway.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-5608
Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 enables authenticated remote attackers to achieve full device compromise via crafted 'webpage' parameter in formWlanSetup function. Publicly available exploit code exists, and EPSS data suggests low-probability targeting despite critical CVSS 8.8 severity. Vendor non-responsive to disclosure; no patch released.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-5611
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware version 1.00.10 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formCrossBandSwitch function accessible via /goform/formCrossBandSwitch endpoint, where unsanitized input to the 'webpage' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC), elevating practical exploitation risk. CVSS 8.8 score reflects network attack vector with low complexity, requiring only low-privilege authentication. EPSS data not provided, but combination of public exploit and trivial attack complexity suggests elevated real-world risk. Vendor (Belkin) did not respond to coordinated disclosure attempts, and no vendor-released patch identified at time of analysis.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
Prev Page 2 of 25 (619 CVEs) Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy