What is the CVSS score of CVE-2026-0782?

CVE-2026-0782 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Golang are affected by CVE-2026-0782?

ALGO 8180 IP Audio Alerter devices are vulnerable to remote code execution attacks that could allow attackers to gain full control of affected systems without authentication.

Golang CVE-2026-0782

HIGH

OS Command Injection (CWE-78)

2026-01-23 zdi-disclosures@trendmicro.com

RCE Command Injection Golang 8180 Ip Audio Alerter Firmware

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 23, 2026 - 04:16 nvd

HIGH 8.8

DescriptionNVD

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28291.

AnalysisAI

Remote code execution in ALGO 8180 IP Audio Alerter devices through command injection in the web management interface allows authenticated attackers to execute arbitrary commands with device privileges. The vulnerability stems from insufficient input validation of user-supplied parameters passed to system calls. …

RemediationAI

Within 24 hours: Identify and inventory all ALGO 8180 devices in your environment and restrict network access to administrative interfaces using firewall rules. Within 7 days: Isolate affected devices to trusted networks only, disable unnecessary web UI features, and implement network segmentation to limit lateral movement if compromise occurs. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-0782 vulnerability details – vuln.today

Back

Golang CVE-2026-0782

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code