CVE-2026-3066
published 2026-02-24

Priority: P2 · 70 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 9.14% (94.7th percentile)
A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected

7 ranges

Vendor      Product     Version range   Fixed in
hummerrisk  hummerrisk  <= 1.5.0        (none listed)

Detection & IOCs (extracted from sources)

URL: /cloud/account/add
Path: hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java
Snort rule:
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS HummerRisk Cloud Compliance Scan proxyIp Parameter Command Injection Attempt (CVE-2026-3066)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:18; content:"/cloud/account/add"; fast_pattern; http.request_body; content:"|22|proxyIp|22|"; pcre:"/^(?:\x3a(?:\x20\x22|\x22))?[^\x2c\x7d$]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24)|(?:\x26|%26){2})+/R"; reference:url,github.com/AnalogyC0de/public_exp/issues/10; reference:cve,2026-3066; classtype:attempted-admin; sid:2067913; rev:1; metadata:affected_product HummerRisk, attack_target Web_Server, tls_state plaintext, created_at 2026_02_24, cve CVE_2026_3066, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2026_02_24, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
  • Attack is delivered via HTTP POST to the exact URI /cloud/account/add (bsize:18 — exact length match). Monitor for POST requests to this endpoint.
  • The injection payload is carried in the JSON request body within the `proxyIp` parameter. Look for shell metacharacters (`;`, `|`, `&`, backtick, `$`, newline — both raw and URL-encoded) immediately following the proxyIp value.
  • The vulnerable code path is the `fixedCommand` function in PlatformUtils.java. Audit or instrument this function for unsanitised input reaching OS command execution.
  • The Emerging Threats rule targets plaintext (non-TLS) traffic only; ensure perimeter and internal sensors both cover HTTP on non-standard ports as well.
  • A public proof-of-concept exploit exists; treat any hit on this signature as high-severity and prioritise immediate triage.
  • Affected versions are HummerRisk up to and including 1.5.0. Verify the deployed version before applying mitigations.
  • The vendor did not respond to the disclosure; no official patch or advisory is available. Treat the vulnerability as unpatched until confirmed otherwise.
  • The ET rule (sid:2067913) only fires on plaintext HTTP. Deployments fronted by TLS termination require additional inspection at the termination point.

CVSS provenance

Source  Version  Score  Severity  Vector
NVD     v3.1     8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD     v4.0     2.1    LOW       CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
NVD     v2.0     6.5    MEDIUM    AV:N/AC:L/Au:S/C:P/I:P/A:P