Skip to main content

sonic-agent EUVDEUVD-2026-43217

| CVE-2026-15495 LOW
OS Command Injection (CWE-78)
2026-07-12 VulDB GHSA-g497-v9rm-7w4w
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-accessible WebSocket requires PR:L per CVSS vector; CWE-78 OS command injection on a server host realistically yields full system access, warranting C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jul 12, 2026 - 11:32 vuln.today
Severity Changed
Jul 12, 2026 - 11:22 NVD
MEDIUM LOW
CVSS changed
Jul 12, 2026 - 11:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
CVE Published
Jul 12, 2026 - 10:45 cve.org
LOW 2.1

DescriptionCVE.org

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

OS command injection in SonicCloudOrg sonic-agent (all versions up to 2.7.2) enables remote code execution through the Android WebSocket Server component. An authenticated remote attacker can manipulate the path argument in AndroidWSServer.java to inject arbitrary OS commands on the host running the agent. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to WebSocket endpoint
Delivery
Craft malicious path parameter with shell metacharacters
Exploit
Submit pullFile request to AndroidWSServer.java
Execution
Trigger unsanitized OS command execution
Impact
Execute arbitrary commands in agent process context

Vulnerability AssessmentAI

Exploitation Exploitation requires three concrete conditions: (1) network reachability to the TCP port on which the sonic-agent Android WebSocket Server is listening - the CVSS AV:N metric confirms this is a network-level attack, not local-only; (2) low-privilege authenticated access to the WebSocket endpoint, as indicated by the CVSS PR:L metric - unauthenticated exploitation is not supported by the available vector data; (3) the sonic-agent service must be actively running with the Android WebSocket Server component enabled, which is a standard operational mode for the product. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The official CVSS 4.0 score of 2.1 with impact metrics VC:L/VI:L/VA:L is significantly more conservative than expected for a CWE-78 OS command injection - a vulnerability class that typically affords arbitrary code execution and full host compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege authenticated access to the sonic-agent WebSocket endpoint submits a file-pull request with a `path` parameter containing shell metacharacters - for example, appending '; id > /tmp/pwned' to a valid path string. AndroidWSServer.java passes this unsanitized value directly into an OS command invocation, executing the injected payload in the context of the user running the sonic-agent process. …
Remediation No vendor-released patch exists - sonic-agent is end-of-life and the vendor did not respond to disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

EUVD-2026-43217 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy