CVE-2026-0786

High

Published: 23 January 2026

Published

23 January 2026

Modified

18 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0074 73.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific…

flaw exists within the SCI module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28295.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 mandates validation of user-supplied inputs before processing, directly addressing the lack of proper validation of strings passed to system calls in the SCI module.

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely flaw remediation through identification, reporting, and patching of the command injection vulnerability in the device firmware.

AC-6 Least Privilege partial match

prevent

AC-6 enforces least privilege on accounts and processes accessing the SCI module, limiting the scope and impact of remote code execution even with low-privilege authentication.

Security SummaryAI

CVE-2026-0786 is a command injection vulnerability leading to remote code execution in the ALGO 8180 IP Audio Alerter devices. The flaw resides in the SCI module, where insufficient validation of user-supplied strings allows them to be passed directly to system calls. This issue, tracked as ZDI-CAN-28295, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-78 (Improper Neutralization of Special Elements used in an OS Command).

Remote attackers with valid authentication (low privileges required) can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation enables arbitrary code execution in the context of the device, potentially granting high-impact confidentiality, integrity, and availability compromises.

The Zero Day Initiative has published advisory ZDI-26-008 at https://www.zerodayinitiative.com/advisories/ZDI-26-008/, which details the vulnerability and associated remediation guidance.

Details

CWE(s): CWE-78

Affected Products

algosolutions

8180 ip audio alerter firmware

5.5

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Command injection vulnerability enables remote code execution on a network-accessible device service with low-privilege authentication, directly facilitating Exploitation of Remote Services (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.zerodayinitiative.com/advisories/ZDI-26-008/
Third Party Advisory · zdi-disclosures@trendmicro.com