CVE-2026-40456
Published 2026-06-18
Priority: P2 · 59 · high · 8.6 (CVSS 4.0)
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.95% (56.7th percentile)
An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.
Affected: 1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lms | lms | < 9fcb4de | 9fcb4de |
GHSA (ghsa_unreviewed, 2026-06-18)
CVE-2026-40456 [HIGH] CWE-78: An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.
VulDB (vuldb, 2026-06-18)
CVE-2026-40456 [CRITICAL] Chilek LAN Management System System Command exec os command injection (9fcb4de / EUVD-2026-37875)
A vulnerability identified as critical has been detected in Chilek LAN Management System. This vulnerability affects the function exec of the component System Command Handler. This manipulation causes os command injection.
The identification of this vulnerability is CVE-2026-40456. The attack needs to be done within the local network. There is no exploit available.
It is recommended to apply a patch to fix this issue.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.