HIGHCVE-2026-3120Published Modified CNA TR-CERT
CVE-2026-3120: RCE in Profelis Informatics' SambaBox
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3.
Metrics
- CVSS v3.1
- 7.2
- Severity
- HIGH
- Fixed in
- 5.3
- Affected Products
- 1
Fix available
5.3
Affected packages
- Profelis Information and Consulting Trade and Industry Limited Company / SambaBox< 5.3 (from 5.1)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HReferences