CVE-2026-58000

Source
https://cve.org/CVERecord?id=CVE-2026-58000
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58000.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-58000
Aliases
  • GHSA-pm9w-522m-8rrh
Published
2026-06-29T18:16:04.973Z
Modified
2026-07-15T01:49:18.997639879Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey
Details

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration access can inject arbitrary shell metacharacters into clmeta to execute commands as root via the popen function.

Database specific
{
    "cna_assigner": "VulnCheck",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/58xxx/CVE-2026-58000.json",
    "cwe_ids": [
        "CWE-78"
    ]
}
References

Affected packages

Git / github.com/openwrt/luci

Affected ranges

Type
GIT
Repo
https://github.com/openwrt/luci
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.11.1"
        }
    ]
}

Affected versions

0.*
0.11.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58000.json"