Skip to main content

Threatsonar Anti Ransomware EUVDEUVD-2026-23800

| CVE-2026-5967 HIGH
OS Command Injection (CWE-78)
2026-04-20 twcert GHSA-49hc-46g6-4c47
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
Apr 20, 2026 - 09:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 20, 2026 - 09:37 vuln.today
cvss_changed
CVSS changed
Apr 20, 2026 - 09:37 NVD
8.8 (HIGH) 8.7 (HIGH)
Analysis Generated
Apr 20, 2026 - 08:57 vuln.today
EUVD ID Assigned
Apr 20, 2026 - 08:45 euvd
EUVD-2026-23800
Analysis Generated
Apr 20, 2026 - 08:45 vuln.today
CVE Published
Apr 20, 2026 - 07:44 nvd
HIGH 8.7

DescriptionCVE.org

ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.

AnalysisAI

OS command injection in TeamT5 ThreatSonar Anti-Ransomware ≤4.0.0 allows authenticated remote attackers with shell access to escalate privileges to root. Despite the high CVSS score (8.7), exploitation requires legitimate shell access and low-privilege authentication, limiting attack surface to environments where ransomware protection agents are accessible to compromised accounts. EPSS probability is low (0.12%, 32nd percentile), and no active exploitation or public POC has been identified. Taiwan CERT published advisories, suggesting regional deployment significance.

Technical ContextAI

ThreatSonar Anti-Ransomware is an endpoint protection solution developed by TeamT5 for ransomware detection and prevention. The vulnerability stems from CWE-78 (OS Command Injection), where the application fails to properly sanitize user-controlled input before passing it to system shell commands. When authenticated users with shell access interact with the application, they can inject metacharacters or command separators that break out of intended command contexts and execute arbitrary OS commands. The CVSS vector indicates network-accessible attack vector (AV:N) with low complexity (AC:L), requiring low-level authentication (PR:L) but no user interaction (UI:N). The application likely runs privileged processes with root/SYSTEM permissions to monitor filesystem activity and block ransomware behaviors, creating the privilege escalation pathway from low-privileged authenticated users to root execution context.

RemediationAI

Upstream fix availability not independently confirmed from provided data sources. Organizations should immediately consult TeamT5 official channels and the TWCERT advisories (https://www.twcert.org.tw/tw/cp-132-10854-03015-1.html and https://www.twcert.org.tw/en/cp-139-10855-e6d1b-2.html) for patch release status and upgrade instructions targeting versions beyond 4.0.0. As interim compensating controls, restrict shell access to ThreatSonar servers/agents exclusively to administrative accounts using principle of least privilege - remove shell permissions for low-privileged service accounts and standard users. Implement command execution monitoring and logging for ThreatSonar processes to detect injection attempts (monitor for unusual child processes spawned with elevated privileges). Deploy network segmentation to isolate ThreatSonar management interfaces from general user networks, requiring jump-host or VPN access. Note that restricting shell access may impact legitimate administrative workflows and requires coordination with security operations teams. If the product runs agent software on end-user workstations, evaluate whether users have interactive shell access to agent processes and consider application whitelisting or AppLocker policies to prevent unauthorized execution contexts.

Share

EUVD-2026-23800 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy