Количество 2
Количество 2
CVE-2026-23515
Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K server. This occurs due to unsafe construction of shell commands when processing navigation.datetime values received via WebSocket delta messages. This vulnerability is fixed in 1.5.0.
GHSA-p8gp-2w28-mhwg
Signal K set-system-time plugin vulnerable to RCE - Command Injection
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-23515 Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K server. This occurs due to unsafe construction of shell commands when processing navigation.datetime values received via WebSocket delta messages. This vulnerability is fixed in 1.5.0. | CVSS3: 9.9 | 1% Низкий | 6 дней назад |
| GHSA-p8gp-2w28-mhwg Signal K set-system-time plugin vulnerable to RCE - Command Injection | CVSS3: 9.9 | 1% Низкий | 7 дней назад |
Уязвимостей на страницу