Skip to main content

Oinone Pamirs EUVD-2026-30547

| CVE-2026-39054 HIGH
Command Injection (CWE-77)
2026-05-15 cve@mitre.org GHSA-3vmq-hg3m-f8qq
Command Injection
7.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 18:00 vuln.today
CVSS changed
May 15, 2026 - 16:22 NVD
7.3 (HIGH)
CVE Published
May 15, 2026 - 15:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.

AnalysisAI

Command injection in Oinone Pamirs 7.0.0 allows remote unauthenticated attackers to execute arbitrary OS commands through the CommandHelper.executeCommands method. The vulnerability stems from unsanitized command strings being passed directly to a shell process's standard input. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all systems running Oinone Pamirs 7.0.0 in your environment and document their criticality level and network exposure. Within 7 days: Implement network segmentation to restrict access to Oinone Pamirs instances from untrusted networks, and enable detailed logging on affected systems. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-30547 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy