App Lab

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-25933 MEDIUM PATCH This Month

Command injection in Arduino App Lab prior to version 0.4.0 allows an attacker with physical access to a connected device to execute arbitrary shell commands by injecting metacharacters into unsanitized Serial and Address metadata fields during terminal session initialization. The vulnerability stems from insufficient input validation when processing hardware device information, enabling code execution with the privileges of the application.

Command Injection App Lab

NVD GitHub

CVSS 3.1

6.8

EPSS

0.0%

CVE-2026-25933

EPSS 0% CVSS 6.8

MEDIUM PATCH This Month

Command injection in Arduino App Lab prior to version 0.4.0 allows an attacker with physical access to a connected device to execute arbitrary shell commands by injecting metacharacters into unsanitized Serial and Address metadata fields during terminal session initialization. The vulnerability stems from insufficient input validation when processing hardware device information, enabling code execution with the privileges of the application.

Command Injection App Lab

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy