HIGHCVE-2026-32298Published Modified CNA cisa-cg
CVE-2026-32298: Angeet ES3 KVM OS command injection
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
Metrics
- CVSS v4.0
- 8.5
- Severity
- HIGH
- Fixed in
- *
- Affected Products
- 1
Fix available
*
Affected packages
- ANGEET / ES3 KVM< * (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H