PT-2026-50878 · Sima Gmbh · Bondix Server

Jonas Friedli

Published

2026-06-19

Updated

2026-06-19

CVE-2026-12104

CVSS v4.0

8.6

High

Vector

AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/RE:L/U:Amber

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-12104

Affected Products

Bondix Server

PT-2026-50878 · Sima Gmbh · Bondix Server

CVE-2026-12104

Weakness Enumeration

Related Identifiers

Affected Products

References · 3