Skip to main content

Isherlock Base 4 5 CVE-2026-6349

| EUVDEUVD-2026-23165 CRITICAL
OS Command Injection (CWE-78)
2026-04-16 twcert GHSA-hx2j-xhcm-gv72
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

10
CVSS changed
Apr 24, 2026 - 08:22 NVD
10.0 (CRITICAL) 9.3 (CRITICAL)
Patch released
Apr 24, 2026 - 08:16 nvd
Patch available
Re-analysis Queued
Apr 17, 2026 - 15:52 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:31 vuln.today
v2 (patch_released)
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
476,261
Analysis Generated
Apr 16, 2026 - 04:52 vuln.today
EUVD ID Assigned
Apr 16, 2026 - 02:45 euvd
EUVD-2026-23165
Analysis Generated
Apr 16, 2026 - 02:45 vuln.today
CVE Published
Apr 16, 2026 - 02:24 nvd
CRITICAL 9.3

DescriptionCVE.org

The iSherlock developed by HGiga  has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

AnalysisAI

OS Command Injection in HGiga iSherlock-base and iSherlock-audit versions 4.5 and 5.5 allows remote unauthenticated attackers to execute arbitrary operating system commands on the server with full system privileges. All four product variants (iSherlock-base-4.5, iSherlock-audit-4.5, iSherlock-base-5.5, iSherlock-audit-5.5) are affected in versions below build 476 (base) and 261 (audit). Vendor-released patch available per Taiwan CERT (TWCERT) advisory. CVSS 4.0 score of 10.0 reflects maximum severity with network attack vector, no authentication required, and high impact to all CIA triad properties including scope change. No public exploit identified at time of analysis.

Technical ContextAI

iSherlock is an enterprise security product developed by HGiga, likely providing intrusion detection, audit logging, or security monitoring capabilities based on the product naming (-base and -audit editions). The vulnerability is rooted in CWE-78 (Improper Neutralization of Special Elements used in an OS Command), a classic injection flaw where user-controlled input is passed to system shell commands without proper sanitization. Affected products per CPE data: iSherlock-base-4.5 (all builds <476), iSherlock-audit-4.5 (all builds <261), iSherlock-base-5.5 (all builds <476), and iSherlock-audit-5.5 (all builds <261). The command injection likely occurs in a network-accessible interface or API endpoint that processes external input and executes system commands, possibly for administrative functions, log processing, or system configuration tasks common in security appliances.

RemediationAI

Upgrade immediately to patched versions: iSherlock-base-4.5 build 476 or later, iSherlock-audit-4.5 build 261 or later, iSherlock-base-5.5 build 476 or later, and iSherlock-audit-5.5 build 261 or later as specified in EUVD-2026-23165. Consult HGiga vendor through TWCERT advisory channels at https://www.twcert.org.tw/en/cp-139-10841-4f504-2.html for patch acquisition and installation procedures. If immediate patching is not possible, implement network-level access controls to restrict iSherlock management interfaces to trusted IP ranges only (specific administrative VLANs or jump hosts), eliminating public internet exposure. Place vulnerable systems behind web application firewall (WAF) with strict input validation rules blocking shell metacharacters (semicolons, pipes, backticks, dollar signs, ampersands) in all HTTP parameters and headers, though this provides incomplete protection against sophisticated encoding attacks. Monitor system command execution logs and network traffic for unusual shell activity or unexpected outbound connections from iSherlock servers. Note that restricting network access significantly reduces attack surface but may impact legitimate remote administration workflows requiring VPN or bastion host access. Do not rely solely on application-level authentication as the vulnerability bypasses authentication mechanisms entirely.

Share

CVE-2026-6349 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy