Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.
Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.
AnalysisAI
Command injection in the Supermicro AS-2115HS-TNR BMC's SMTP service allows an authenticated administrator to inject crafted characters into the SMTP configuration, causing the underlying system to execute unintended OS commands during process invocation. Successful exploitation can yield arbitrary code execution on the baseboard management controller, denial of service, or persistent compromise of the management plane. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Technical ContextAI
Baseboard Management Controllers (BMCs) are independent microcontrollers embedded on server motherboards that provide out-of-band management via IPMI, Redfish, and a dedicated web UI; the SMTP component is used by the BMC to deliver alert email notifications. The flaw is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), meaning user-controllable input from the SMTP configuration is passed unsanitized into a shell or process invocation, allowing argument or command-separator metacharacters to break out of the intended command. The affected CPE is cpe:2.3:a:smci:as-2115hs-tnr, identifying the BMC firmware shipped on Supermicro's AS-2115HS-TNR Hyper server platform.
RemediationAI
Patch available per vendor advisory - consult the Supermicro June 2026 BMC/IPMI bulletin at https://www.supermicro.com/en/support/security_BMC_IPMI_Jun_2026 for the fixed BMC firmware image for the AS-2115HS-TNR and apply it via the BMC web UI or vendor flashing utility, noting that BMC firmware updates typically require a management-controller reboot but do not disrupt the host OS. As compensating controls until firmware can be staged, restrict BMC management interfaces to a dedicated out-of-band VLAN reachable only from trusted jump hosts (mitigates the AV:N component but does not address insider/admin abuse), rotate and uniquely scope BMC administrator credentials and disable any shared/default accounts (directly raises the PR:H bar that this CVE depends on), and where feasible disable the SMTP alerting feature in the BMC configuration to remove the vulnerable code path - accepting the trade-off that email-based hardware alerts will no longer be delivered and an alternative monitoring channel (SNMP traps, Redfish event subscription, syslog) must be configured.
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34226
GHSA-wp43-6fh8-q2qr