CVE-2026-9645
Published 2026-05-28
Priority P265 · critical · 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.32% (percentile 23.3)
Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scadabr | scadabr | — | — |
VulDB
ScadaBR 1.2.0 os command injection (EUVD-2026-33028)
vuldb·2026-05-28·CVSS 9.9
CVE-2026-9645 [CRITICAL] ScadaBR 1.2.0 os command injection (EUVD-2026-33028)
A vulnerability categorized as critical has been discovered in ScadaBR 1.2.0. Affected is an unknown function. The manipulation results in os command injection.
This vulnerability was named CVE-2026-9645. The attack may be performed from remote. There is no available exploit.
GHSA
GHSA-jqp5-9296-xf42: Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server
ghsa_unreviewed·2026-05-28
CVE-2026-9645 [CRITICAL] CWE-78 GHSA-jqp5-9296-xf42: Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server
Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.