cbcvebase.
CVE-2026-22313
published 2026-06-16

CVE-2026-22313: The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an…

PriorityP263critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
EPSS
0.92%
55.8th percentile
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

Affected

1 ranges
VendorProductVersion rangeFixed in
radiflowisap_smart_collector
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.