Description
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
Published: 2026-06-15
Score: 9.8 Critical
EPSS: 1.6% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An OS command injection flaw in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 enables an attacker who supplies a crafted input to run arbitrary OS commands. The flaw is a classic code injection (CWE‑94) and, due to the vulnerability’s high severity score of 9.8, a successful exploitation yields full remote code execution that compromises confidentiality, integrity, and availability of the affected host.

Affected Systems

The affected product is kanishka‑linux Reminiscence v0.3.0. No other vendors or versions are listed, so the issue applies only to this software version.

Risk and Exploitability

The CVSS score of 9.8 marks this flaw as critical, while the EPSS score of 1.571 % indicates that exploitation is unlikely at present but not impossible. Because the vulnerability is not listed in the CISA KEV catalog, no known exploits are confirmed. Nonetheless, the attack could be carried out by submitting a crafted command via the export pipeline, and the lack of a patch means the risk remains until a vendor fix is released.

Generated by OpenCVE AI on June 18, 2026 at 03:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor update for kanishka-linux Reminiscence v0.3.0 to eliminate the command injection flaw.
  • Disabling or restricting access to the media archiving and export pipeline component to users who do not require it reduces the attack surface.
  • Implement rigorous input validation or replace command‑invoking code paths with safer APIs to prevent future injection vulnerabilities.

Generated by OpenCVE AI on June 18, 2026 at 03:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Kanishka-linux
Kanishka-linux reminiscence
Vendors & Products Kanishka-linux
Kanishka-linux reminiscence

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title OS Command Injection in kanishka-linux Reminiscence Media Export Pipeline

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title OS Command Injection in kanishka-linux Reminiscence Media Export Pipeline

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
References

Subscriptions

Kanishka-linux Reminiscence
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T14:14:42.415Z

Reserved: 2026-06-07T00:00:00.000Z

Link: CVE-2026-50871

cve-icon Vulnrichment

Updated: 2026-06-16T14:14:35.821Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T20:16:29.883

Modified: 2026-06-16T15:50:58.757

Link: CVE-2026-50871

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T09:35:54Z

Weaknesses
  • CWE-94

    Improper Control of Generation of Code ('Code Injection')