CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
Analysis (AI)
OS Command Injection in HGiga iSherlock-base and iSherlock-audit versions 4.5 and 5.5 allows remote unauthenticated attackers to execute arbitrary operating system commands on the server with full system privileges. All four product variants (iSherlock-base-4.5, iSherlock-audit-4.5, iSherlock-base-5.5, iSherlock-audit-5.5) are affected in versions below build 476 (base) and 261 (audit). …
Remediation (AI)
Within 24 hours: Identify all iSherlock deployments running versions 4.5 and 5.5 (base builds below 476, audit builds below 261) and isolate affected systems from production networks if patching cannot be completed immediately.
Within 7 days: Apply the vendor patch, bringing iSherlock-base to build 476+ and iSherlock-audit to build 261+, per the TWCERT advisory; validate patch deployment across all four affected product variants. …
EUVD-2026-23165
GHSA-hx2j-xhcm-gv72