CVE-2026-27848
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
AnalysisAI
OS command injection via TLS-SRP handshake. Similar to CVE-2026-27847 but targeting command execution through the SRP authentication process.
Technical ContextAI
CWE-78 OS command injection through the SRP username/identity field during TLS handshake.
Affected ProductsAI
Applications using TLS-SRP with system command-based auth
RemediationAI
Never pass SRP identity to system commands. Use parameterized lookups.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today