CVE-2026-1428
Published: 26 January 2026
Description
Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection in the WellChoose SSO portal by validating and sanitizing authenticated user inputs before OS command execution.
Restricts classes of inputs to the SSO system, blocking special characters and payloads that enable arbitrary OS command injection.
Remediates the specific OS command injection flaw (CVE-2026-1428) through timely patching or vendor-recommended fixes.
Security SummaryAI
CVE-2026-1428, published on 2026-01-26, is an OS Command Injection vulnerability (CWE-78) affecting the Single Sign-On Portal System developed by WellChoose. The flaw enables authenticated remote attackers to inject arbitrary OS commands, which are then executed on the server. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.
Attackers require low privileges (PR:L) and authentication to exploit the vulnerability remotely over the network, with no user interaction needed. Exploitation allows them to execute arbitrary operating system commands on the server, potentially enabling full control over the affected system, data exfiltration, modification of critical files, or disruption of services.
Advisories from TWCERT detail mitigation strategies and are available at https://www.twcert.org.tw/en/cp-139-10655-59160-2.html and https://www.twcert.org.tw/tw/cp-132-10654-23f40-1.html.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in a remote SSO portal enables exploitation of remote services (T1210) to achieve arbitrary command execution via OS interpreters (T1059).