PT-2026-21659 · Unknown · Hummerrisk

Ana10Gy · Published 2026-02-24 · Updated 2026-02-24 · CVE-2026-3066

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HummerRisk versions up to 1.5.0

Description

A flaw exists in HummerRisk that allows for command injection. The issue is located within the fixedCommand function in the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java, part of the Cloud Compliance Scanning component. This allows for remote execution of manipulated commands. The exploit for this issue has been published.

Recommendations

Versions prior to 1.5.0 should be used. As a temporary workaround, consider restricting access to the fixedCommand function until a patch is available.

Exploit

Fix

Command Injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2026-3066

Affected Products

Hummerrisk