Skip to main content

JD Cloud JDCOS CVE-2026-7705

LOW
Command Injection (CWE-77)
2026-05-03 VulDB
Command Injection
2.1
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
May 03, 2026 - 23:22 NVD
MEDIUM LOW
CVSS changed
May 03, 2026 - 23:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
PoC Detected
May 03, 2026 - 23:16 vuln.today
Public exploit code
Analysis Generated
May 03, 2026 - 23:00 vuln.today
Analysis Generated
May 03, 2026 - 22:45 vuln.today
CVE Published
May 03, 2026 - 22:00 nvd
LOW 2.1

DescriptionNVD

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in JD Cloud JDCOS 4.5.1.r4518 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the vid parameter in the set_iptv_info function of the /jdcap service interface. The vulnerability has a CVSS score of 6.3 (Medium) with low attack complexity and is actively weaponized with publicly available exploit code. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-7705 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy