{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1791", "assignerOrgId": "2b565742-f273-46f9-b583-07c1fcdea31a", "state": "PUBLISHED", "assignerShortName": "Hillstone", "dateReserved": "2026-02-03T07:34:55.542Z", "datePublished": "2026-02-04T03:11:30.275Z", "dateUpdated": "2026-02-04T20:19:45.301Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Operation and Maintenance Security Gateway", "vendor": "Hillstone Networks", "versions": [{"status": "affected", "version": "V5.5ST00001B113"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hillstone_networks:operation_and_maintenance_security_gateway:v5.5st00001b113:*:linux:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.<p>This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113.</p>"}], "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113."}], "impacts": [{"capecId": "CAPEC-650", "descriptions": [{"lang": "en", "value": "CAPEC-650 Upload a Web Shell to a Web Server"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b565742-f273-46f9-b583-07c1fcdea31a", "shortName": "Hillstone", "dateUpdated": "2026-02-04T03:11:30.275Z"}, "references": [{"url": "https://www.hillstonenet.com.cn/security-notification/2025/12/08/wgscld/"}], "source": {"discovery": "INTERNAL"}, "title": "Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T20:19:39.776978Z", "id": "CVE-2026-1791", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T20:19:45.301Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1791", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-04T20:19:39.776978Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T20:19:42.898Z"}}], "cna": {"title": "Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-650", "descriptions": [{"lang": "en", "value": "CAPEC-650 Upload a Web Shell to a Web Server"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hillstone Networks", "product": "Operation and Maintenance Security Gateway", "versions": [{"status": "affected", "version": "V5.5ST00001B113"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.hillstonenet.com.cn/security-notification/2025/12/08/wgscld/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113.", "supportingMedia": [{"type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.<p>This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hillstone_networks:operation_and_maintenance_security_gateway:v5.5st00001b113:*:linux:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "2b565742-f273-46f9-b583-07c1fcdea31a", "shortName": "Hillstone", "dateUpdated": "2026-02-04T03:11:30.275Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1791", "state": "PUBLISHED", "dateUpdated": "2026-02-04T20:19:45.301Z", "dateReserved": "2026-02-03T07:34:55.542Z", "assignerOrgId": "2b565742-f273-46f9-b583-07c1fcdea31a", "datePublished": "2026-02-04T03:11:30.275Z", "assignerShortName": "Hillstone"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113."}, {"lang": "es", "value": "Una vulnerabilidad de carga sin restricciones de archivo con tipo peligroso en Hillstone Networks Operation and Maintenance Security Gateway en Linux permite cargar un shell web a un servidor web. Este problema afecta a Operation and Maintenance Security Gateway: V5.5ST00001B113."}], "id": "CVE-2026-1791", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "sec@hillstonenet.com", "type": "Secondary"}]}, "published": "2026-02-04T04:15:49.440", "references": [{"source": "sec@hillstonenet.com", "url": "https://www.hillstonenet.com.cn/security-notification/2025/12/08/wgscld/"}], "sourceIdentifier": "sec@hillstonenet.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "sec@hillstonenet.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T23:57:46.837658+00:00", "value": {"mitigation_remediation": ["Update the Operation and Maintenance Security Gateway to a firmware revision that removes the unrestricted file\u2011upload capability or implements strict file\u2011type validation.", "Restrict access to the appliance\u2019s administration interface with IP whitelisting or VPN restrictions to limit exposure to trusted administrators.", "If an update is delayed, disable the file\u2011upload feature or configure the device\u2019s web server to reject all non\u2011static content types that are not required for normal operation.", "Regularly monitor audit logs for unexpected file uploads and verify that only approved file types are present on the system."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via Unrestricted File Upload"}, "threat_synthesis": {"affected_systems": "Hillstone Networks Operation and Maintenance Security Gateway version V5.5ST00001B113 running on Linux. The flaw is present only in this exact build; no other versions were identified in the advisory.", "description_and_impact": "The vulnerability allows an attacker to upload files of any type to the Hillstone Networks Operation and Maintenance Security Gateway. Because the upload mechanism does not restrict file formats, a malicious user can place a web shell or other executable content on the device, leading to the execution of arbitrary code on the underlying Linux system. This represents a remote code execution vulnerability with the weakness reflected in CWE\u2011434 and enables the attacker to achieve full control over the device once the shell is triggered.", "risk_and_exploitability": "The CVSS score is 2.7, indicating a low severity rating, and the EPSS score is below 1\u202f%, showing a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to reach the web management interface of the gateway, usually through an open network or compromised credentials, to place the malicious file. Once the file is uploaded, executing it grants code\u2011execution rights. Because the flaw resides in the file\u2011upload feature, the attack vector is a remote, network\u2011based exploitation through the web UI; no local privilege escalation or physical access is required."}}}}, "created": "2026-04-18T00:00:09.487456+00:00", "updated": "2026-04-18T00:00:09.487478+00:00", "vendors": []}