CVE-2026-39054

Name of the Vulnerable Software and Affected Versions Oinone Pamirs version 7.0.0

Description A command injection issue exists in the executeCommands() function of the CommandHelper class. The method initiates a shell process and writes unsanitized, attacker-controlled command strings directly to the process standard input, which can lead to arbitrary operating system command execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.