CVE-2026-1185
5.4 MEDIUMA configuration file on the local file system had improper input validation which could allow code execution and potentially lead to priv...
Published: 2026-05-12 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 5.4 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
- CWE
- CWE-732
Affected products
| Vendor | Product |
|---|---|
| axis | axis_os |
Description
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-0804 — An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege e... (6.7 MEDIUM)
- CVE-2026-0802 — An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege esca... (6.0 MEDIUM)
- CVE-2026-0541 — ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to p... (6.7 MEDIUM)
Same CWE
- CVE-2026-53856 — OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly ... (5.5 MEDIUM)
- CVE-2026-0271 — A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to exec...
- CVE-2026-50570 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)
- CVE-2026-26422 — clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation (8.4 HIGH)
- CVE-2026-50590 — In Mimecast Incydr before 2.6.0, arbitrary file access can occur (4.5 MEDIUM)