CVE-2026-3065

Name of the Vulnerable Software and Affected Versions HummerRisk versions prior to 1.5.1

Description A flaw exists in HummerRisk that allows for command injection. The issue is located within the CommandUtils.commonExecCmdWithResult function in the CloudTaskService.java file of the Cloud Task Dry-run component. Manipulating the fileName argument can lead to unauthorized command execution. Remote exploitation is possible, and the exploit is publicly available. The vendor was notified but did not respond.

Recommendations Update to version 1.5.1 or later. As a temporary workaround, restrict access to the vulnerable component Cloud Task Dry-run to minimize the risk of exploitation. Avoid using the parameter fileName in the affected function CommandUtils.commonExecCmdWithResult until the issue is resolved.