CVE-2026-40456

Source
https://cve.org/CVERecord?id=CVE-2026-40456
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40456.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40456
Published
2026-06-18T10:58:51.790Z
Modified
2026-07-08T08:12:40.584755152Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N CVSS Calculator
Summary
OS Command Injection in LMS
Details

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40456.json",
    "cna_assigner": "CERT-PL",
    "cwe_ids": [
        "CWE-78"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "9fcb4de"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/chilek/lms

Affected ranges

Type
GIT
Repo
https://github.com/chilek/lms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

Other
LMS_010000_rc1
LMS_0100_pre1
LMS_0100_pre10
LMS_0100_pre2
LMS_0100_pre3
LMS_0100_pre4
LMS_0100_pre5
LMS_0100_pre6
LMS_0100_pre7
LMS_0100_pre8
LMS_0100_pre9
LMS_010100
LMS_010101
LMS_010102
LMS_010103
LMS_010104
LMS_010105
LMS_010107
LMS_010302
LMS_010501
LMS_010502
LMS_010503
LMS_010504
LMS_010505
LMS_010506
LMS_010700
LMS_010701
LMS_010703
LMS_010900
LMS_010907
LMS_011102
LMS_011103
LMS_011104
LMS_011105
LMS_011106
LMS_011107
LMS_011108
LMS_011109
LMS_011114
LMS_011115
LMS_011116
LMS_011117
LMS_011118
LMS_011119
LMS_011121
LMS_011122
LMS_011123
LMS_24
LMS_25
LMS_27
NO_LANGUAGE_SUPPORT
OLD_FINANCES
X_Apophis
X_Aris
X_Belos
X_Bray
X_Cronos
X_Dira
X_Doci
X_Grannus
X_Idos
X_Ju
X_Jumar
X_Kinsey
X_Kri
X_Marduk
X_Maybourne
X_Mot
X_Osiris
X_Seth
X_Shaq'Ran
X_Sokar
X_Tagar
X_Talus
X_Terok
X_Thanos
X_Thoth
X_Wraith
X_Zarin
hunter-devel
multilanguage

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40456.json"