CVE-2026-8051
published 2026-05-12CVE-2026-8051: OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote…
PriorityP354high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.91%
77.3th percentile
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | virtual_traffic_manager | <= 22.8 | — |
| ivanti | virtual_traffic_manager | — | — |
| libssh | libssh | >= 0 < 0.6.3-4.3ubuntu0.6+esm4 | 0.6.3-4.3ubuntu0.6+esm4 |
| libssh | libssh | >= 0 < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6 | 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6 |
| libssh | libssh | >= 0 < 0.9.3-2ubuntu2.5+esm3 | 0.9.3-2ubuntu2.5+esm3 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv3.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2026-8051
vendor_ivanti·2026-05-12·CVSS 7.2
CVE-2026-8051 [HIGH] CWE-78 Ivanti Security Advisory: CVE-2026-8051
Ivanti Security Advisory: CVE-2026-8051
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE IDs: CVE-2026-8051
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-78
GHSA
GHSA-3rm6-879f-q3r2: OS command injection in Ivanti Virtual Traffic Manager before version 22
ghsa_unreviewed·2026-05-12
CVE-2026-8051 [HIGH] CWE-78 GHSA-3rm6-879f-q3r2: OS command injection in Ivanti Virtual Traffic Manager before version 22
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
OSV
libssh vulnerabilities
osv·2026-02-23·CVSS 3.1
CVE-2025-8277 libssh vulnerabilities
libssh vulnerabilities
USN-8051-1 fixed vulnerabilities in libssh. This update provides the
corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS.
Original advisory details:
It was discovered that libssh clients incorrectly handled the key exchange
process. A remote attacker could possibly use this issue to cause libssh
clients to crash, resulting in a denial of service. (CVE-2025-8277)
It was discovered that the libssh SCP client incorrectly sanitized paths
received from servers. A remote attacker could use this issue to cause
libssh SCP clients to overwrite files outside of the working directory and
possibly execute arbitrary code. (CVE-2026-0964)
It was discovered that libssh incorrectly handled parsing configuration
files. A local attacker could possib
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-12
Published