cbcvebase.
CVE-2026-8051
published 2026-05-12

CVE-2026-8051: OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote…

PriorityP354high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.91%
77.3th percentile
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Affected

5 ranges
VendorProductVersion rangeFixed in
ivantivirtual_traffic_manager<= 22.8
ivantivirtual_traffic_manager
libsshlibssh>= 0 < 0.6.3-4.3ubuntu0.6+esm40.6.3-4.3ubuntu0.6+esm4
libsshlibssh>= 0 < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm60.8.0~20170825.94fa1e38-1ubuntu0.7+esm6
libsshlibssh>= 0 < 0.9.3-2ubuntu2.5+esm30.9.3-2ubuntu2.5+esm3

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv3.1LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.