CVE-2026-39054

High

Published: 15 May 2026

Published

15 May 2026

Modified

15 May 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0135 80.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-39054 is a high-severity Command Injection (CWE-77) vulnerability in Oinone Pamirs (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, ranked in the top 19.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

NVD Description

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command…

execution.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-77

Affected Products

Oinone

Pamirs

inferred from references and description; NVD did not file a CPE for this CVE

References

https://gist.github.com/Misakim1/859c3eb9ced699089ee0747dae9bedc1
cve@mitre.org
https://github.com/oinone/oinone-pamirs
cve@mitre.org
https://www.oinone.top/changelog
cve@mitre.org