CVE-2026-42853

6.5 MEDIUM

ApostropheCMS is an open-source Node.js content management system

Published: 2026-06-12 · Last updated: 2026-06-13

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-78

Description

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command without proper sanitization or escaping. This allows execution of arbitrary commands on the host system. As of time of publication, no known patched versions are available.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-46716 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (9.9 CRITICAL)
CVE-2026-48165 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
CVE-2026-48163 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
CVE-2026-44170 — MariaDB server is a community developed fork of MySQL server
CVE-2026-44168 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)