Skip to main content

CFEngine EUVD-2026-30276

| CVE-2026-24712 HIGH
Command Injection (CWE-77)
2026-05-14 mitre GHSA-mcq4-jrhv-99mg
Command Injection
7.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 15:22 vuln.today
CVSS changed
May 15, 2026 - 15:22 NVD
7.3 (None) 7.3 (HIGH)
CVE Published
May 14, 2026 - 00:00 nvd
UNKNOWN (no severity yet)

DescriptionNVD

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.

AnalysisAI

Command injection in CFEngine Enterprise and Community editions before versions 3.21.8, 3.24.3, and 3.27.0 enables remote unauthenticated attackers to execute arbitrary commands on the system. The vulnerability has an EPSS score of 0.15% indicating relatively low exploitation probability, and no public exploit identified at time of analysis. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all CFEngine deployments and identify instances running versions before 3.21.8, 3.24.3, or 3.27.0; document current patch levels and network exposure. Within 7 days: Upgrade CFEngine Community to version 3.27.0, CFEngine Enterprise to version 3.24.3, or CFEngine Legacy to version 3.21.8; prioritize internet-facing or trust-boundary instances first. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-30276 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy