8.6
CVE-2026-41225: iControl REST Manager Role Privilege Escalation
Summary
A highly privileged attacker with a Manager role in iControl REST can create configuration objects to run arbitrary commands. This could lead to unauthorized access to sensitive data or system compromise. Update to the latest supported version of iControl REST to address this issue.
Original title
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.
No...
Original description
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
nvd CVSS3.1
9.1
nvd CVSS4.0
8.6
Vulnerability type
CWE-648
Published: 13 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026