Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description states unauthenticated network input to the archiving pipeline triggers OS command execution, giving full host compromise, so AV:N/AC:L/PR:N/UI:N with C/I/A:H.
Primary rating from Vendor (mitre).
CVSS Vector (Vendor: mitre)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
Analysis (AI)
Remote code execution in kanishka-linux Reminiscence v0.3.0 allows unauthenticated attackers to execute arbitrary OS commands by supplying crafted input to the media archiving and export pipeline component. The CVSS 9.8 rating reflects network-reachable, unauthenticated exploitation with full impact on confidentiality, integrity, and availability. No public exploit was identified at time of analysis, and EPSS sits at 0.67% (47th percentile), indicating limited observed exploitation pressure so far.
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | The attacker needs network reachability to a running Reminiscence v0.3.0 instance and the ability to submit input into the media archiving or export pipeline component - in practice, access to whatever endpoint accepts a URL or target identifier for archiving/exporting. … |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/C:H/I:H/A:H) describes a textbook critical-severity remote, unauthenticated code-execution bug, and the SSVC-style read is: exploitation status = none reported, automatable = likely yes (single crafted request), technical impact = total. … |
| Exploit Scenario | An attacker who can reach the Reminiscence web interface submits a URL or export-target value crafted with shell metacharacters (e.g., a URL containing backticks or '; <cmd>') to the archiving or export pipeline endpoint; the server-side handler passes this through to a shell-invoked downloader or converter, executing the attacker's command as the Reminiscence service user. From there the attacker can drop a webshell, exfiltrate the archive database, or pivot to the host. … |
| Remediation | No vendor-released patch identified at time of analysis - there is no upstream fix version listed in the input data, only a third-party gist and the NVD record. … |
Recommended Action (AI)
Within 24 hours: Inventory all systems running Reminiscence v0.3.0 and isolate or restrict network access to the media archiving and export pipeline component. …
EUVD-2026-36769
GHSA-p5jh-x5gw-rm3f