CVE-2026-26235
Published 2026-02-12
Priority: P3 · 57 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EXPLOIT
EPSS: 1.78% (75.5th percentile)
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shut down or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| albrecht_jung_gmbh_co_kg | jung_smart_visu_server | — | — |
| jung-group | smart_visu_server_firmware | <= 1.1.1050 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated HTTP POST requests to /cgi-bin/reboot.sh or /cgi-bin/shutdown.sh on JUNG Smart Visu Server. No authentication headers or session cookies are required by the attacker; a single empty-body POST is sufficient to trigger the action.
- Alert on POST requests to /cgi-bin/reboot.sh or /cgi-bin/shutdown.sh with an empty body (data="") and Content-Type: application/x-www-form-urlencoded, especially from external/untrusted source IPs.
- Monitor for the exploit's characteristic HTTP headers combination: DNT: 1, Sec-GPC: 1, Sec-Fetch-User: ?1, and Upgrade-Insecure-Requests: 1 appearing together on POST requests to CGI endpoints of the Smart Visu Server.
- A 200 OK or 301/302 redirect response to a POST on /cgi-bin/reboot.sh or /cgi-bin/shutdown.sh is a strong indicator of successful exploitation and imminent device reboot/shutdown.
- The exploit disables SSL certificate verification by default, meaning it will target HTTPS endpoints without validating the certificate. Detection rules should cover both HTTP and HTTPS traffic to these CGI paths.
- The vulnerability is classified as Missing Authentication (CWE-306): no credentials, tokens, or session state are needed. Any network-reachable instance is exploitable with a single packet, so network-layer access controls are the primary mitigation.
- The exploit targets JUNG Smart Visu Server versions up to and including 1.1.1050 running on an Embedded/Linux platform. Confirm the platform before applying Linux-specific detection logic.
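The path, method and response-code checks above can be run over web access logs. The following is an added example, not a rule from the sources indexed here: it assumes a reverse proxy or the device's web server writes Combined Log Format, the trusted management subnet is a placeholder, and the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# CGI paths named in the detection notes above.
WATCHED = {"/cgi-bin/reboot.sh", "/cgi-bin/shutdown.sh"}
# Assumption: the management subnet allowed to reach the device.
TRUSTED = [ipaddress.ip_network("10.20.0.0/24")]
# A 200 or 301/302 answer is treated as likely success, per the notes above.
SUCCESS = {200, 301, 302}
# Combined Log Format: src ident user [time] "METHOD target proto" status ...
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Drop the query string, percent-decode, and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path)

def classify(line):
    """Return an alert dict for a POST to a watched path, else None."""
    m = LINE_RE.match(line)
    path = normalize(m["target"]) if m else ""
    if not m or m["method"] != "POST" or path not in WATCHED:
        return None
    try:
        external = not any(ipaddress.ip_address(m["src"]) in n for n in TRUSTED)
    except ValueError:  # hostname or malformed source field
        external = True
    severity = "high" if int(m["status"]) in SUCCESS else "medium"
    return {"ts": m["ts"], "src": m["src"], "path": path,
            "external": external, "severity": severity}

def scan(lines):
    return [a for a in map(classify, lines) if a]

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Feb/2026:09:14:02 +0000] "POST /cgi-bin/reboot.sh HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.9 - - [12/Feb/2026:09:15:40 +0000] "POST /cgi-bin//shutdown%2Esh?x=1 HTTP/1.1" 403 153 "-" "-"',
    '10.20.0.5 - - [12/Feb/2026:09:16:11 +0000] "GET /cgi-bin/reboot.sh HTTP/1.1" 405 0 "-" "-"',
    '10.20.0.5 - - [12/Feb/2026:09:17:30 +0000] "POST /cgi-bin/shutdown.sh HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [12/Feb/2026:09:18:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Access logs carry neither the request body nor most request headers, so the empty-body and header-combination checks need request-level visibility at a proxy or network sensor.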
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
No detection rules found.
No writeups or analysis indexed.