{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40032", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-08T13:36:53.761Z", "datePublished": "2026-04-08T21:35:27.020Z", "dateUpdated": "2026-04-09T19:32:44.357Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-08T21:35:27.020Z"}, "title": "UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution", "descriptions": [{"lang": "en", "value": "UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values from foreach iterators and %user% / %user_home% values derived from system files to achieve arbitrary command execution with the privileges of the UAC process."}], "tags": ["x_open-source"], "datePublic": "2026-03-28T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)", "type": "CWE"}]}], "affected": [{"vendor": "tclahr", "product": "UAC", "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.2.0", "versionType": "semver"}, {"version": "3.3.0-rc1", "status": "unaffected", "versionType": "semver"}]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "references": [{"url": "https://github.com/tclahr/uac/pull/443", "name": "Pull Request", "tags": ["product"]}, {"url": "https://github.com/tclahr/uac/commit/cb95d7166cd47908e1189d9669e43f9a6d3d707f", "name": "Patch Commit #1", "tags": ["patch"]}, {"url": "https://github.com/tclahr/uac/commit/50ace60e172e38feb78347bdf579311c23eff078", "name": "Patch Commit #2", "tags": ["patch"]}, {"url": "https://github.com/tclahr/uac/commit/d0fca5e36d8d6a33a4404f0f6fe92b0424544589", "name": "Patch Commit #3", "tags": ["patch"]}, {"url": "https://github.com/tclahr/uac/issues/429", "name": "Related Issue", "tags": ["product"]}, {"url": "https://mobasi.ai/sentinel", "name": "Mobasi Sentinel Vulnerability Index", "tags": ["vendor-advisory"]}, {"name": "VulnCheck Advisory: UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/uac-rc1-command-injection-via-placeholder-substitution"}], "credits": [{"lang": "en", "value": "Mobasi Security Team", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T19:32:33.886220Z", "id": "CVE-2026-40032", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T19:32:44.357Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40032", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-08T13:36:53.761Z", "datePublished": "2026-04-08T21:35:27.020Z", "dateUpdated": "2026-04-09T19:32:44.357Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-08T21:35:27.020Z"}, "title": "UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution", "descriptions": [{"lang": "en", "value": "UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values from foreach iterators and %user% / %user_home% values derived from system files to achieve arbitrary command execution with the privileges of the UAC process."}], "tags": ["x_open-source"], "datePublic": "2026-03-28T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)", "type": "CWE"}]}], "affected": [{"vendor": "tclahr", "product": "UAC", "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.2.0", "versionType": "semver"}, {"version": "3.3.0-rc1", "status": "unaffected", "versionType": "semver"}]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "references": [{"url": "https://github.com/tclahr/uac/pull/443", "name": "Pull Request", "tags": ["product"]}, {"url": "https://github.com/tclahr/uac/commit/cb95d7166cd47908e1189d9669e43f9a6d3d707f", "name": "Patch Commit #1", "tags": ["patch"]}, {"url": "https://github.com/tclahr/uac/commit/50ace60e172e38feb78347bdf579311c23eff078", "name": "Patch Commit #2", "tags": ["patch"]}, {"url": "https://github.com/tclahr/uac/commit/d0fca5e36d8d6a33a4404f0f6fe92b0424544589", "name": "Patch Commit #3", "tags": ["patch"]}, {"url": "https://github.com/tclahr/uac/issues/429", "name": "Related Issue", "tags": ["product"]}, {"url": "https://mobasi.ai/sentinel", "name": "Mobasi Sentinel Vulnerability Index", "tags": ["vendor-advisory"]}, {"name": "VulnCheck Advisory: UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/uac-rc1-command-injection-via-placeholder-substitution"}], "credits": [{"lang": "en", "value": "Mobasi Security Team", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-09T19:32:33.886220Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T19:32:40.243Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values from foreach iterators and %user% / %user_home% values derived from system files to achieve arbitrary command execution with the privileges of the UAC process."}], "id": "CVE-2026-40032", "lastModified": "2026-04-13T15:02:47.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-08T22:16:23.827", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/tclahr/uac/commit/50ace60e172e38feb78347bdf579311c23eff078"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/tclahr/uac/commit/cb95d7166cd47908e1189d9669e43f9a6d3d707f"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/tclahr/uac/commit/d0fca5e36d8d6a33a4404f0f6fe92b0424544589"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/tclahr/uac/issues/429"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/tclahr/uac/pull/443"}, {"source": "disclosure@vulncheck.com", "url": "https://mobasi.ai/sentinel"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/uac-rc1-command-injection-via-placeholder-substitution"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.2.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "3.3.0-rc1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "UAC", "source": "cna", "vendor": "tclahr"}, "product": "uac", "vendor": "tclahr"}], "analysis": {"en": {"generated_at": "2026-04-08T22:22:17.096713+00:00", "value": {"mitigation_remediation": ["Upgrade UAC to version 3.3.0\u2011rc1 or later.", "Verify that the upgrade has been successfully applied and the UAC process no longer uses the insecure eval path."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary Command Execution"}, "threat_synthesis": {"affected_systems": "Affected are installations of UAC by tclahr before version 3.3.0\u2011rc1. The vulnerability resides in the placeholder substitution logic of the _run_command function and is present in all releases up to, but not including, 3.3.0\u2011rc1. No other versions are known to be impacted.", "description_and_impact": "UAC (Unix-like Artifacts Collector) that processes log or system files builds command strings by interpolating placeholder values and then passes them to eval without sanitization. This flaw, identified as CWE\u201178, permits a malicious actor to inject shell metacharacters or command substitutions through attacker\u2011controlled inputs such as %line% values from foreach iterators and system\u2011derived %user% or %user_home% placeholders. The result is arbitrary command execution with the privileges of the UAC process.", "risk_and_exploitability": "The CVSS score is 8.5, indicating high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through manipulation of input data that UAC consumes; based on the description, it is inferred that an attacker who can supply crafted values to the placeholder substitution (for example by creating or modifying log entries that UAC processes) can trigger the eval path and execute arbitrary commands. This attack does not require complex prerequisites beyond controlling the input data, making it relatively straightforward for an attacker with access to the affected system."}}}}, "created": "2026-04-09T08:16:24.586855+00:00", "updated": "2026-04-09T08:25:50.467085+00:00", "vendors": ["tclahr", "tclahr$PRODUCT$uac"]}