PT-2026-21655 · Unknown · Hummerrisk

Ana10Gy

Published

2026-02-24

Updated

2026-02-24

CVE-2026-3064

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HummerRisk versions up to 1.5.0

Description A security issue exists in HummerRisk that allows for command injection. This is due to manipulation of the regionId argument within the ResourceCreateService.java file of the Cloud Task Scheduler component. The attack can be launched remotely, and the exploit has been publicly disclosed. The vendor was informed of the disclosure but did not respond.

Recommendations Versions prior to 1.5.0 should be updated. As a temporary workaround, consider restricting access to the Cloud Task Scheduler component to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-3064

Affected Products

Hummerrisk

PT-2026-21655 · Unknown · Hummerrisk

CVE-2026-3064

Weakness Enumeration

Related Identifiers

Affected Products

References · 9