Impact
An OS command injection flaw in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 enables an attacker who supplies a crafted input to run arbitrary OS commands. The flaw is a classic code injection (CWE‑94) and, due to the vulnerability’s high severity score of 9.8, a successful exploitation yields full remote code execution that compromises confidentiality, integrity, and availability of the affected host.
Affected Systems
The affected product is kanishka‑linux Reminiscence v0.3.0. No other vendors or versions are listed, so the issue applies only to this software version.
Risk and Exploitability
The CVSS score of 9.8 marks this flaw as critical, while the EPSS score of 1.571 % indicates that exploitation is unlikely at present but not impossible. Because the vulnerability is not listed in the CISA KEV catalog, no known exploits are confirmed. Nonetheless, the attack could be carried out by submitting a crafted command via the export pipeline, and the lack of a patch means the risk remains until a vendor fix is released.
OpenCVE Enrichment