Skip to main content

Canias ERP EUVD-2026-28953

| CVE-2026-8217 LOW
OS Command Injection (CWE-78)
2026-05-10 VulDB GHSA-25r6-gqj3-prpr
Command Injection
2.1
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 10, 2026 - 02:29 vuln.today
Severity Changed
May 10, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
May 10, 2026 - 02:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
CVE Published
May 10, 2026 - 01:15 nvd
LOW 2.1

DescriptionNVD

A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

OS command injection via Runtime.getRuntime.exec in Canias ERP 8.03 RMI Interface allows authenticated remote attackers to execute arbitrary operating system commands by manipulating the troiaCode argument. The vulnerability carries low confidentiality, integrity, and availability impact (CVSS 2.1), but publicly available exploit code exists and the vendor has not responded to early disclosure.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-28953 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy