CVE-2026-3828

High

Published: 09 May 2026

Published

09 May 2026

Modified

09 May 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0003 9.7th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-3828 is a high-severity an unspecified weakness vulnerability in Hikvision (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to…

arbitrary command execution.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): None listed

Affected Products

Hikvision

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-switch-product/
hsrc@hikvision.com