Skip to main content

Wgcloud CVE-2026-30402

CRITICAL
Code Injection (CWE-94)
2026-03-19 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 20, 2026 - 13:52 vuln.today
CVE Published
Mar 19, 2026 - 15:16 nvd
CRITICAL 9.8

DescriptionCVE.org

An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function

AnalysisAI

Remote code execution in wgcloud version 2.3.7 and earlier allows unauthenticated attackers to execute arbitrary code through the test connection function. The vulnerability carries a critical CVSS score of 9.8 with network-based exploitation requiring no privileges or user interaction. No public exploit has been identified at time of analysis, though the EPSS score of 0.29% (52nd percentile) indicates low predicted exploitation probability despite the critical severity rating.

Technical ContextAI

This vulnerability is classified under CWE-94 (Improper Control of Generation of Code / Code Injection), indicating that the wgcloud application improperly handles user-supplied input in the test connection function, allowing attackers to inject and execute arbitrary code. Wgcloud is an open-source server monitoring system. The code injection occurs within a network-accessible test connection feature, suggesting insufficient input validation or sanitization of connection parameters that are subsequently processed or evaluated by the application. The affected component is identified as cpe:2.3:a:wgcloud_project:wgcloud:*:*:*:*:*:*:*:* for versions through 2.3.7.

RemediationAI

Upgrade wgcloud to a version later than 2.3.7 when available. Review the vendor advisory at https://github.com/tianshiyeben/wgcloud/issues/96 for the latest patching guidance and release information. No vendor-released patch with specific version number has been independently confirmed from available data sources at time of analysis. As an interim mitigation, restrict network access to the wgcloud management interface to trusted IP ranges only, implement network segmentation to isolate monitoring infrastructure, and disable or restrict access to the test connection function if not operationally required. Monitor the official GitHub repository for security updates and consider implementing input validation controls at the network perimeter level.

Share

CVE-2026-30402 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy