网安资讯详情 - SecLens 情报雷达

网安资讯,一网打尽。汇集权威漏洞通告与行业要闻,结合分组浏览、智能过滤、RSS订阅 和 Webhook 推送,多通道拓展您的安全情报视野。

CVE-2026-11408 | vertex-app vertex up to 2026.02.12 Log Viewer Endpoint app/model/LogMod.js req.query os command injection

来源: vuldb · 发布时间 2026-06-06 02:39 (UTC+08:00) · 抓取时间 2026-06-06 03:01 (UTC+08:00)

原文链接

摘要

A vulnerability labeled as <a href="https://vuldb.com/kb/risk">critical</a> has been found in <a href="https://vuldb.com/product/vertex-app:vertex">vertex-app vertex up to 2026.02.12</a>. This issue affects some unknown processing of the file <em>app/model/LogMod.js</em> of the component <em>Log Viewer Endpoint</em>. Such manipulation of the argument <em>req.query</em> leads to os command injection. This vulnerability is documented as <a href="https://vuldb.com/cve/CVE-2026-11408">CVE-2026-11408</a>. The attack can be executed remotely. Additionally, an exploit exists. It is best practice to apply a patch to resolve this issue.

标签

扩展字段

{
  "raw_pub_date": "Fri, 05 Jun 2026 20:39:00 +0200"
}