Skip to main content

Supermicro BMC EUVDEUVD-2026-34226

| CVE-2026-3820 HIGH
OS Command Injection (CWE-78)
2026-06-04 Supermicro GHSA-wp43-6fh8-q2qr
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 04, 2026 - 09:00 vuln.today

DescriptionCVE.org

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.

Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.

AnalysisAI

Command injection in the Supermicro AS-2115HS-TNR BMC's SMTP service allows an authenticated administrator to inject crafted characters into the SMTP configuration, causing the underlying system to execute unintended OS commands during process invocation. Successful exploitation can yield arbitrary code execution on the baseboard management controller, denial of service, or persistent compromise of the management plane. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Technical ContextAI

Baseboard Management Controllers (BMCs) are independent microcontrollers embedded on server motherboards that provide out-of-band management via IPMI, Redfish, and a dedicated web UI; the SMTP component is used by the BMC to deliver alert email notifications. The flaw is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), meaning user-controllable input from the SMTP configuration is passed unsanitized into a shell or process invocation, allowing argument or command-separator metacharacters to break out of the intended command. The affected CPE is cpe:2.3:a:smci:as-2115hs-tnr, identifying the BMC firmware shipped on Supermicro's AS-2115HS-TNR Hyper server platform.

RemediationAI

Patch available per vendor advisory - consult the Supermicro June 2026 BMC/IPMI bulletin at https://www.supermicro.com/en/support/security_BMC_IPMI_Jun_2026 for the fixed BMC firmware image for the AS-2115HS-TNR and apply it via the BMC web UI or vendor flashing utility, noting that BMC firmware updates typically require a management-controller reboot but do not disrupt the host OS. As compensating controls until firmware can be staged, restrict BMC management interfaces to a dedicated out-of-band VLAN reachable only from trusted jump hosts (mitigates the AV:N component but does not address insider/admin abuse), rotate and uniquely scope BMC administrator credentials and disable any shared/default accounts (directly raises the PR:H bar that this CVE depends on), and where feasible disable the SMTP alerting feature in the BMC configuration to remove the vulnerable code path - accepting the trade-off that email-based hardware alerts will no longer be delivered and an alternative monitoring channel (SNMP traps, Redfish event subscription, syslog) must be configured.

Share

EUVD-2026-34226 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy