PT-2026-21655 · Unknown · Hummerrisk

Ana10Gy

Publicado

2026-02-24

Atualizado

2026-02-24

CVE-2026-3064

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HummerRisk versions up to 1.5.0

Description A security issue exists in HummerRisk that allows for command injection. This is due to manipulation of the regionId argument within the ResourceCreateService.java file of the Cloud Task Scheduler component. The attack can be launched remotely, and the exploit has been publicly disclosed. The vendor was informed of the disclosure but did not respond.

Recommendations Versions prior to 1.5.0 should be updated. As a temporary workaround, consider restricting access to the Cloud Task Scheduler component to minimize the risk of exploitation.

Exploit

Correção

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

CVE-2026-3064

Produtos afetados

Hummerrisk

PT-2026-21655 · Unknown · Hummerrisk

CVE-2026-3064

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9