Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
10DescriptionCVE.org
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
AnalysisAI
OS Command Injection in HGiga iSherlock-base and iSherlock-audit versions 4.5 and 5.5 allows remote unauthenticated attackers to execute arbitrary operating system commands on the server with full system privileges. All four product variants (iSherlock-base-4.5, iSherlock-audit-4.5, iSherlock-base-5.5, iSherlock-audit-5.5) are affected in versions below build 476 (base) and 261 (audit). Vendor-released patch available per Taiwan CERT (TWCERT) advisory. CVSS 4.0 score of 10.0 reflects maximum severity with network attack vector, no authentication required, and high impact to all CIA triad properties including scope change. No public exploit identified at time of analysis.
Technical ContextAI
iSherlock is an enterprise security product developed by HGiga, likely providing intrusion detection, audit logging, or security monitoring capabilities based on the product naming (-base and -audit editions). The vulnerability is rooted in CWE-78 (Improper Neutralization of Special Elements used in an OS Command), a classic injection flaw where user-controlled input is passed to system shell commands without proper sanitization. Affected products per CPE data: iSherlock-base-4.5 (all builds <476), iSherlock-audit-4.5 (all builds <261), iSherlock-base-5.5 (all builds <476), and iSherlock-audit-5.5 (all builds <261). The command injection likely occurs in a network-accessible interface or API endpoint that processes external input and executes system commands, possibly for administrative functions, log processing, or system configuration tasks common in security appliances.
RemediationAI
Upgrade immediately to patched versions: iSherlock-base-4.5 build 476 or later, iSherlock-audit-4.5 build 261 or later, iSherlock-base-5.5 build 476 or later, and iSherlock-audit-5.5 build 261 or later as specified in EUVD-2026-23165. Consult HGiga vendor through TWCERT advisory channels at https://www.twcert.org.tw/en/cp-139-10841-4f504-2.html for patch acquisition and installation procedures. If immediate patching is not possible, implement network-level access controls to restrict iSherlock management interfaces to trusted IP ranges only (specific administrative VLANs or jump hosts), eliminating public internet exposure. Place vulnerable systems behind web application firewall (WAF) with strict input validation rules blocking shell metacharacters (semicolons, pipes, backticks, dollar signs, ampersands) in all HTTP parameters and headers, though this provides incomplete protection against sophisticated encoding attacks. Monitor system command execution logs and network traffic for unusual shell activity or unexpected outbound connections from iSherlock servers. Note that restricting network access significantly reduces attack surface but may impact legitimate remote administration workflows requiring VPN or bastion host access. Do not rely solely on application-level authentication as the vulnerability bypasses authentication mechanisms entirely.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23165
GHSA-hx2j-xhcm-gv72