Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.
AnalysisAI
Improper input validation in an Axis OS configuration file allows authenticated SSH users to execute code and potentially escalate privileges. The vulnerability requires valid SSH credentials but affects all Axis OS versions, making it a significant risk for organizations running Axis network devices with SSH access exposed or shared credentials.
Technical ContextAI
The vulnerability exists in a local configuration file on Axis OS devices that lacks proper input validation (CWE-732: Incorrect Permission Assignment for Critical Resource). The affected software is Axis OS running on Axis Communications network devices, with the CPE indicating all versions are potentially vulnerable. The configuration file processing mechanism does not sanitize or validate input before execution, allowing an authenticated local or remote user with SSH access to inject commands that execute with elevated privileges. This is a post-authentication code execution flaw that leverages improper file permission or validation controls.
RemediationAI
Apply the latest Axis OS firmware version provided by Axis Communications, as specified in the official security advisory (https://www.axis.com/dam/public/69/df/8d/cve-2026-1185pdf-en-US-530733.pdf). Interim compensating controls: restrict SSH access to trusted networks using firewall rules to limit remote login capabilities, disable SSH on Axis devices that do not require remote management, enforce strong password policies for SSH-enabled accounts, implement network segmentation to isolate Axis devices from general user networks, and monitor SSH authentication logs for unauthorized access attempts. Note that all workarounds are temporary; patching is the definitive fix.
Privilege escalation in Axis VAPIX framework.
Privilege escalation vulnerability in Axis Communications' VAPIX Device Configuration framework that allows a local, aut
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Appli
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to pa
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Devi
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass b
GoSecure on behalf of Genetec Inc. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attac
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to pat
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerab
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device t
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29386
GHSA-f6c8-p53h-5ph7