CVE-2026-10066 - Vulnerability Details

- Shibby Tomato UPS Service tomatoups.cgi sub_9068 stack-based overflow

Description

A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-05-29

Score: 8.7 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A stack-based buffer overflow exists in the function sub_9068 of the tomatoups.cgi script used by the UPS Service component of Shibby Tomato firmware. The vulnerability allows an attacker to corrupt the call stack and gain arbitrary code execution on the device, potentially exposing sensitive configuration and compromising the entire networked environment. Error handling is insufficient and the buffer size is not validated against user input, satisfying CWE-119 and CWE-121 weaknesses. The vulnerability is considered high severity with a CVSS score of 8.7.

Affected Systems

Devices running Shibby Tomato firmware version 1.28 or earlier are impacted. The affected software component is the UPS Service embedded in the firmware; newer firmware releases replace or remove this component, and the vulnerability does not affect the actively maintained FreshTomato code base.

Risk and Exploitability

The flaw can be exploited remotely without user interaction, as the vulnerable CGI script is exposed via web interfaces commonly used to manage the UPS. Although no EPSS score is available, the high CVSS rating and the fact that the flaw is publicly documented on multiple advisory sites imply a realistic threat of exploitation. The vulnerability is not listed in the CISA KEV, but its potential for remote code execution warrants proactive mitigation. The attack path is straightforward: a remote user submits carefully crafted input to the sub_9068 endpoint, causing a stack overflow that ultimately leads to arbitrary code execution.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Shibby

Tomato

affected

Version	Status	Constraints
`1.0`	affected	—
`1.1`	affected	—
`1.2`	affected	—
`1.3`	affected	—
`1.4`	affected	—
`1.5`	affected	—
`1.6`	affected	—
`1.7`	affected	—
`1.8`	affected	—
`1.9`	affected	—
`1.10`	affected	—
`1.11`	affected	—
`1.12`	affected	—
`1.13`	affected	—
`1.14`	affected	—
`1.15`	affected	—
`1.16`	affected	—
`1.17`	affected	—
`1.18`	affected	—
`1.19`	affected	—
`1.20`	affected	—
`1.21`	affected	—
`1.22`	affected	—
`1.23`	affected	—
`1.24`	affected	—
`1.25`	affected	—
`1.26`	affected	—
`1.27`	affected	—
`1.28`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the firmware to a version newer than 1.28 or switch to the FreshTomato fork that has removed the vulnerable component
If an upgrade is not immediately available, restrict network access to the tomatoups.cgi endpoint using firewall rules or access control lists
Monitor web server logs for unusual POST requests to tomatoups.cgi and alert on potential exploitation attempts

Generated by OpenCVE AI on May 29, 2026 at 17:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://gitee.com/Fengyi-Wang/CVE/issues/IJK7BD
https://vuldb.com/submit/818145
https://vuldb.com/vuln/367152
https://vuldb.com/vuln/367152/cti

History

Fri, 29 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.
Title		Shibby Tomato UPS Service tomatoups.cgi sub_9068 stack-based overflow
First Time appeared		Shibby Shibby tomato
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:a:shibby:tomato::::::::
Vendors & Products		Shibby Shibby tomato
References		https://gitee.com/Fengyi-Wang/CVE/issues/IJK7BD https://vuldb.com/submit/818145 https://vuldb.com/vuln/367152 https://vuldb.com/vuln/367152/cti
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X'}`

Subscriptions

Shibby Tomato

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-29T15:15:12.006Z

Updated: 2026-05-29T15:15:12.006Z

Reserved: 2026-05-29T08:32:29.599Z

Link: CVE-2026-10066

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-05-29T16:16:23.387

Modified: 2026-05-29T16:29:11.350

Link: CVE-2026-10066

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T17:45:04Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object