CRITICALCVE-2026-5433Published Modified CNA Honeywell
CVE-2026-5433: Improper Sanitization in CNM Web Interface
Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).
Metrics
- CVSS v3.1
- 9.1
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 1
Affected packages
- Honeywell International Inc. / Control Network Module (CNM)≤ 110.2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HReferences