Description
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
Published: 2026-05-17
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution flaw that is triggered when the EXECUTE function is invoked. An attacker who can trigger this function can run arbitrary commands with the privileges of the ACL Analytics service. The weakness is classified as CWE-94: unvalidated input leads to native code execution. Attackers can leverage bitsadmin to pull malicious PowerShell scripts and then execute them, leading to system compromise and the establishment of reverse shells.

Affected Systems

The affected product is ACL Analytics from Acl, covering all releases from version 11.x up to 13.0.0.579. No patched version is listed in the data, and any installation within that range is still at risk.

Risk and Exploitability

The flaw has a CVSS 4.0 score of 9.3 (9.8 under CVSS 3.1), indicating a severe threat with high potential impact. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog, so exploitation frequency is unknown. However, the ability to run system-level commands and create reverse shells means a remote attacker can compromise the host with full control if they can reach the EXECUTE endpoint, which is inferred to be accessible over the network.

Generated by OpenCVE AI on May 17, 2026 at 13:27 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or upgrade ACL Analytics to a version newer than 13.0.0.579
  • Restrict or disable the EXECUTE function for non‑privileged users and monitor for attempts to invoke bitsadmin
  • Block or restrict outbound execution of PowerShell scripts and monitor for reverse shell activity

Advisories

No advisories yet.

History

Sun, 17 May 2026 18:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acl; Acl acl Analytics
Vendors & Products | | Acl; Acl acl Analytics

Sun, 17 May 2026 12:30:00 +0000

Type | Values Removed | Values Added
Description | | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
Title | | ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution
Weaknesses | | CWE-94
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-17T12:11:27.402Z

Reserved: 2026-05-17T11:34:33.230Z

Link: CVE-2018-25320

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-17T13:16:43.270

Modified: 2026-05-17T13:16:43.270

Link: CVE-2018-25320

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T17:00:15Z

Weaknesses