{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1413", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-25T09:50:41.203Z", "datePublished": "2026-01-26T01:32:06.217Z", "dateUpdated": "2026-02-23T08:55:17.522Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:55:17.522Z"}, "title": "Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "Sangfor", "product": "Operation and Maintenance Security Management System", "versions": [{"version": "3.0.0", "status": "affected"}, {"version": "3.0.1", "status": "affected"}, {"version": "3.0.2", "status": "affected"}, {"version": "3.0.3", "status": "affected"}, {"version": "3.0.4", "status": "affected"}, {"version": "3.0.5", "status": "affected"}, {"version": "3.0.6", "status": "affected"}, {"version": "3.0.7", "status": "affected"}, {"version": "3.0.8", "status": "affected"}, {"version": "3.0.9", "status": "affected"}, {"version": "3.0.10", "status": "affected"}, {"version": "3.0.11", "status": "affected"}, {"version": "3.0.12", "status": "affected"}], "modules": ["HTTP POST Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-25T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-31T07:44:08.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "hhsw34 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.342802", "name": "VDB-342802 | Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.342802", "name": "VDB-342802 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.736522", "name": "Submit #736522 | Sangfor Operation and Maintenance Security Management System (OSM / \u8fd0\u7ef4\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf) v3.0.12 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LX-LX88/cve/issues/23", "tags": ["broken-link", "exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-26T17:27:47.626483Z", "id": "CVE-2026-1413", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T17:27:53.149Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1413", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-26T17:27:47.626483Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T17:27:50.606Z"}}], "cna": {"title": "Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection", "credits": [{"lang": "en", "type": "reporter", "value": "hhsw34 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Sangfor", "modules": ["HTTP POST Request Handler"], "product": "Operation and Maintenance Security Management System", "versions": [{"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "3.0.1"}, {"status": "affected", "version": "3.0.2"}, {"status": "affected", "version": "3.0.3"}, {"status": "affected", "version": "3.0.4"}, {"status": "affected", "version": "3.0.5"}, {"status": "affected", "version": "3.0.6"}, {"status": "affected", "version": "3.0.7"}, {"status": "affected", "version": "3.0.8"}, {"status": "affected", "version": "3.0.9"}, {"status": "affected", "version": "3.0.10"}, {"status": "affected", "version": "3.0.11"}, {"status": "affected", "version": "3.0.12"}]}], "timeline": [{"lang": "en", "time": "2026-01-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-25T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-31T07:44:08.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.342802", "name": "VDB-342802 | Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.342802", "name": "VDB-342802 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.736522", "name": "Submit #736522 | Sangfor Operation and Maintenance Security Management System (OSM / \u8fd0\u7ef4\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf) v3.0.12 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LX-LX88/cve/issues/23", "tags": ["broken-link", "exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:55:17.522Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1413", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:55:17.522Z", "dateReserved": "2026-01-25T09:50:41.203Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-26T01:32:06.217Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sangfor:operation_and_maintenance_security_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2514FE4-F7D8-46CC-9ACF-FC9B7433599F", "versionEndIncluding": "3.0.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en el Sistema de Gesti\u00f3n de Seguridad de Operaci\u00f3n y Mantenimiento de Sangfor hasta la versi\u00f3n 3.0.12. Esto afecta la funci\u00f3n portValidate del archivo /fort/ip_and_port/port_validate del componente Manejador de Solicitudes POST HTTP. Realizar una manipulaci\u00f3n del argumento port resulta en inyecci\u00f3n de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y podr\u00eda ser utilizado."}], "id": "CVE-2026-1413", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-26T02:15:48.767", "references": [{"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/LX-LX88/cve/issues/23"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.342802"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.342802"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.736522"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:47:30.098803+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest patch or upgrade to a version newer than 3.0.12 that removes the command injection flaw.", "If a patch is not yet available, limit network access to the /fort/ip_and_port/port_validate endpoint to trusted IP ranges or disable the endpoint entirely if the function is not required.", "Implement input validation for the \"port\" parameter, ensuring that only numeric values are accepted, and remove any direct command\u2011execution logic that does not properly sanitize user input."], "summary": {"action": "Immediate Patch", "impact": "Remote Command Injection"}, "threat_synthesis": {"affected_systems": "Sangfor Operation and Maintenance Security Management System versions up to and including 3.0.12 are affected. The vulnerability is present in the HTTP POST request handler for the /fort/ip_and_port/port_validate endpoint. No other versions or product lines are listed as affected.", "description_and_impact": "The vulnerability resides in a parameter handling flaw within the portValidate function of the Sangfor Operation and Maintenance Security Management System. A crafted HTTP POST request with an unvalidated \"port\" argument enables command injection, allowing an attacker to execute arbitrary commands on the underlying system. This can compromise confidentiality, integrity, and availability of the affected host by providing attackers with the same privileges the web service runs under. The flaw is identified as CWE-74 and CWE-77, indicating improper input validation and unsafe execution of OS commands.", "risk_and_exploitability": "The CVSS score of 5.3 reflects a moderate severity. An EPSS score of less than 1% suggests that, so far, exploitation attempts are rare, but a public exploit exists, implying that the vulnerability is actively available for use. The defect can be activated remotely by sending a specially crafted POST request to the portValidate endpoint. No authentication requirement is mentioned, so network access to the server is the primary prerequisite. The vulnerability is not cataloged in CISA\u2019s KEV list, but its public exploit and command\u2011execution potential warrant immediate attention."}}}}, "created": "2026-01-26T11:47:58.189776+00:00", "updated": "2026-04-18T03:00:10.312551+00:00", "vendors": ["sangfor", "sangfor$PRODUCT$operation_and_maintenance_security_management_system"]}