Description
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-01-22
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution via OS Command Injection
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the SessionController component of Sangfor’s Operation and Maintenance Management System, specifically when the keypassword parameter is processed. An attacker can inject arbitrary operating‑system commands, which are executed in the context of the running service. This flaw can be exploited remotely to gain full control of the underlying host, leading to compromise, data theft, or further network exploitation. The CVE description does not specify whether authentication is required; the publicly available proof‑of‑concept demonstrates the potential for remote exploitation but does not confirm credential requirements.

Affected Systems

All installations of Sangfor Operation and Maintenance Management System through version 3.0.12 are impacted. The affected component is the SSH Protocol Handler located in the /isomp-protocol/protocol/session file. Users deploying versions before 3.0.13 or any upstream versions that remain unchanged are at risk.

Risk and Exploitability

The vulnerability has a CVSS score of 8.7, indicating high severity. EPSS indicates a very low probability of exploitation (<1%), and the flaw is not yet listed in the CISA KEV catalog. The attack vector is inferred to be remote, as the exploit operates over the network by manipulating the keypassword argument. A publicly available proof‑of‑concept demonstrates the flaw; however, the CVE description does not explicitly state whether authentication is required, so it is unclear if valid credentials are necessary.

Generated by OpenCVE AI on April 18, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch or upgrade to version 3.0.13 or newer, which removes the unsafe handling of keypassword.
  • If a patch is unavailable, restrict network access to the SSH Protocol Handler to trusted IP ranges or place it behind a firewall to limit exposure.
  • Implement input validation or disable the keypassword parameter in configuration to prevent command injection until a fix is applied.



Advisories

No advisories yet.

History

Fri, 30 Jan 2026 16:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:sangfor:operation_and_maintenance_security_management_system:*:*:*:*:*:*:*:*

Fri, 23 Jan 2026 16:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sangfor; Sangfor operation And Maintenance Security Management System
Vendors & Products | | Sangfor; Sangfor operation And Maintenance Security Management System

Thu, 22 Jan 2026 23:00:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 22 Jan 2026 13:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection
Weaknesses | | CWE-77; CWE-78
References | |
Metrics | | cvssV2_0 {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0 {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:52:16.272Z

Reserved: 2026-01-22T07:40:46.347Z

Link: CVE-2026-1324

Vulnrichment

Updated: 2026-01-22T20:21:40.907Z

NVD

Status: Analyzed

Published: 2026-01-22T15:16:50.420

Modified: 2026-01-30T16:34:58.667

Link: CVE-2026-1324

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:30:03Z
