CVE-2026-24712

Source
https://cve.org/CVERecord?id=CVE-2026-24712
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24712.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-24712
Downstream
Published
2026-05-14T00:00:00Z
Modified
2026-07-15T02:17:55.830284887Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.

Database specific
{
    "cna_assigner": "mitre",
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "3.21.8"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24712.json"
}
References

Affected packages

Git / github.com/cfengine/core

Affected ranges

Type
GIT
Repo
https://github.com/cfengine/core
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:northern.tech:cfengine:3.26.0:*:*:*:enterprise:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.21.8"
        },
        {
            "introduced": "3.24.0"
        },
        {
            "fixed": "3.24.3"
        },
        {
            "introduced": "3.26.0"
        },
        {
            "last_affected": "3.26.0"
        }
    ]
}

Affected versions

3.*
3.10.0b1-build1
3.12.0a1-build1
3.12.0b1
3.12.0b1-build1
3.12.0b1-build2
3.13.0
3.13.0-build1
3.13.0-build2
3.14.0
3.14.0-2
3.14.0-2-build1
3.14.0-build1
3.14.0-build2
3.14.0-build3
3.14.0-build4
3.15.0-build1
3.15.0-build2
3.15.0b1
3.15.0b1-build1
3.15.0b1-build2
3.15.0b1-build3
3.15.0b1-build4
3.16.0
3.16.0-build1
3.17.0
3.17.0-build1
3.18.0
3.18.0-1-build1
3.18.0-1-build2
3.18.0-1-build3
3.18.0-2
3.18.0-2-build1
3.18.0-2-build2
3.18.0-build1
3.18.0-build2
3.18.0-build3
3.19.0
3.19.0-build1
3.19.0-build2
3.20.0
3.20.0-2
3.20.0-2-build1
3.20.0-build1
3.20.0-build2
3.20.0-build3
3.20.0-build4
3.21.0
3.21.0-build1
3.21.0-build10
3.21.0-build11
3.21.0-build2
3.21.0-build3
3.21.0-build4
3.21.0-build5
3.21.0-build6
3.21.0-build7
3.21.0-build8
3.21.0-build9
3.21.1
3.21.1-build1
3.21.2
3.21.2-build1
3.21.2-build2
3.21.2-build3
3.21.2-build4
3.21.3
3.21.3-build1
3.21.3-build2
3.21.3-build3
3.21.3-build4
3.21.4
3.21.4-build1
3.21.4-build2
3.21.4-build3
3.21.5
3.21.5-build1
3.21.5-build2
3.21.5-build3
3.21.5-build4
3.21.6
3.21.6-build1
3.21.6-build2
3.21.6-build3
3.21.6-build4
3.21.6-build5
3.21.7
3.21.7-build1
3.21.7-build2
3.21.7-build3
3.21.7-build4
3.21.7-build5
3.21.8-build1
3.21.8-build2
3.21.8-build3
3.24.0
3.24.0-build7
3.24.0-build8
3.24.0-build9
3.24.1
3.24.1-build1
3.24.1-build2
3.24.1-build3
3.24.1-build4
3.24.1-build5
3.24.2
3.24.2-build1
3.24.2-build2
3.24.2-build3
3.24.2-build4
3.24.2-build5
3.24.3-build1
3.24.3-build2
3.24.3-build3
3.24.3-build4
3.24.3-build5
3.26.0
3.26.0-build3
3.3.x-branchpoint
3.4.0a1
3.4.x-branchpoint
3.5.0a1
3.5.0a2
3.5.0b1
3.5.x-branchpoint
3.6.0b1
3.6.0b1-build1
3.6.0b1-build2
3.6.0b1-build3
3.6.0b1-build4
3.6.0b2
3.6.0b2-build1
3.6.0b2-build3
3.6.0b2-build4
3.6.0b2-build5
3.6.0eb1-build1
3.6.0eb1-build2
3.6.0eb2-build1
3.6.0eb2-build2
3.6.x-branchpoint
3.6rc
3.6rc-build2
3.8.0b1-build1
3.8.0b1-build2
Other
svn-migration-point
v3.*
v3.6.0a0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24712.json"