CVE-2026-31386

Source
https://cve.org/CVERecord?id=CVE-2026-31386
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31386.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31386
Published
2026-03-16T05:21:13.948Z
Modified
2026-07-08T08:12:46.891823890Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
[none]
Details

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Database specific
{
    "cna_assigner": "jpcert",
    "cwe_ids": [
        "CWE-78"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "all versions"
                },
                {
                    "last_affected": "all versions"
                },
                {
                    "introduced": "all versions"
                },
                {
                    "last_affected": "all versions"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31386.json"
}
References

Affected packages

Git / github.com/litespeedtech/openlitespeed

Affected ranges

Type
GIT
Repo
https://github.com/litespeedtech/openlitespeed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.0"
        }
    ],
    "cpe": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

Other
broken_modsec
v1.*
v1.0.4
v1.3
v1.3.2
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.0rc6
v1.5.2
v1.6.3
v1.7.0
v1.7.1
v1.7.10
v1.7.10.1
v1.7.10.2
v1.7.17
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.7.9.1
v1.7.9.2
v1.8.0
v1.8.1
v1.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31386.json"