Vaelsys

Product: 1 CVE


CVE-2026-2952 HIGH POC This Week

Remote code execution in Vaelsys 4.1.0 allows unauthenticated attackers to execute arbitrary OS commands via malicious xajaxargs parameters sent to the /tree/tree_server.php endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. This network-accessible flaw poses immediate risk to exposed Vaelsys installations.

PHP Command Injection Vaelsys
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.3%
