CVE-2026-0774
HIGHSeverity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708.
AnalysisAI
WatchYourLAN's configuration page is vulnerable to argument injection through improper validation of the arpstrs parameter, enabling unauthenticated network-adjacent attackers to execute arbitrary code with service account privileges. The vulnerability stems from insufficient input sanitization before system command execution and currently lacks an available patch. An attacker on the same network can exploit this without authentication to achieve complete system compromise.
Technical ContextAI
WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulne
Affected ProductsAI
Component: handling of the arpstrs.
RemediationAI
Monitor vendor advisories for a patch.
Share
External POC / Exploit Code
Leaving vuln.today