Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
AnalysisAI
OS command execution in Angeet ES3 KVM allows authenticated administrators to execute arbitrary system commands through improper input validation in the cfg.lua script. An attacker with high-level privileges can leverage this vulnerability to achieve complete system compromise with high impact on confidentiality, integrity, and availability. No patch is currently available for this critical vulnerability.
Technical ContextAI
The vulnerability affects the Angeet ES3 KVM (Keyboard, Video, Mouse) switch device, identified by CPE cpe:2.3:a:angeet:es3_kvm:*:*:*:*:*:*:*:*, which is used for remote server management in data centers. The root cause is CWE-78 (OS Command Injection), where the cfg.lua script processes user-controlled variables without proper sanitization or escaping, allowing shell metacharacters to be interpreted by the underlying operating system. KVM devices are critical infrastructure components that provide out-of-band management capabilities for servers, making them high-value targets as they often have privileged access to multiple systems.
RemediationAI
No patch information is currently available in the provided intelligence sources for the Angeet ES3 KVM vulnerability. Organizations should immediately implement compensating controls including restricting network access to KVM devices to trusted management networks only, implementing strong authentication mechanisms, and monitoring for suspicious command execution on affected devices. Contact Angeet support for firmware updates and monitor the CISA advisory at https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json for patch availability. Consider replacing end-of-life KVM devices if vendor support is unavailable.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12614