9.9
CVE-2026-9645: Authenticated Users Can Run Commands on Server with Full Access
CVE-2026-9645
Summary
A vulnerability in a server-side application exposes methods that let logged-in users create and run arbitrary JavaScript code on the server. The scripts run with full access and commands are executed as root, so an authenticated attacker could access sensitive data or take complete control of the server. The affected application should be updated with security patches to close this vulnerability.
Original title
Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are ex...
Original description
Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.
NVD CVSS 3.1
9.9
Vulnerability type
CWE-78
OS Command Injection
Published: 28 May 2026 · Updated: 30 May 2026 · First seen: 28 May 2026