Skip to main content

Isherlock Base 4 5

1 CVEs product

Monthly

CVE-2026-6349 CRITICAL PATCH Act Now

OS Command Injection in HGiga iSherlock-base and iSherlock-audit versions 4.5 and 5.5 allows remote unauthenticated attackers to execute arbitrary operating system commands on the server with full system privileges. All four product variants (iSherlock-base-4.5, iSherlock-audit-4.5, iSherlock-base-5.5, iSherlock-audit-5.5) are affected in versions below build 476 (base) and 261 (audit). Vendor-released patch available per Taiwan CERT (TWCERT) advisory. CVSS 4.0 score of 10.0 reflects maximum severity with network attack vector, no authentication required, and high impact to all CIA triad properties including scope change. No public exploit identified at time of analysis.

Command Injection Isherlock Base 4 5 Isherlock Audit 4 5 Isherlock Base 5 5 Isherlock Audit 5 5
NVD VulDB
CVSS 4.0
9.3
EPSS
0.9%
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

OS Command Injection in HGiga iSherlock-base and iSherlock-audit versions 4.5 and 5.5 allows remote unauthenticated attackers to execute arbitrary operating system commands on the server with full system privileges. All four product variants (iSherlock-base-4.5, iSherlock-audit-4.5, iSherlock-base-5.5, iSherlock-audit-5.5) are affected in versions below build 476 (base) and 261 (audit). Vendor-released patch available per Taiwan CERT (TWCERT) advisory. CVSS 4.0 score of 10.0 reflects maximum severity with network attack vector, no authentication required, and high impact to all CIA triad properties including scope change. No public exploit identified at time of analysis.

Command Injection Isherlock Base 4 5 Isherlock Audit 4 5 +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy