Cyber Posture

CVE-2026-5967

High

Published: 20 April 2026

Modified: 20 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly prevents the OS command injection vulnerability in ThreatSonar by validating shell inputs to block arbitrary command execution with root privileges.

prevent

Enforces least privilege on the ThreatSonar shell process, preventing injected commands from executing with unnecessary root privileges even if injection occurs.

prevent

Remediates the specific privilege escalation flaw in ThreatSonar Anti-Ransomware through timely identification, testing, and application of vendor-provided patches.

Security Summary · AI

CVE-2026-5967 is a privilege escalation vulnerability in ThreatSonar Anti-Ransomware, a product developed by TeamT5. The flaw enables authenticated remote attackers with shell access to inject operating system commands, which then execute with root privileges. Classified under CWE-78 (OS Command Injection), it received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) upon publication on 2026-04-20.

Attackers require low privileges, specifically authentication and remote shell access to the affected system, to exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation allows injection and execution of arbitrary OS commands as root, resulting in high impacts to confidentiality, integrity, and availability, potentially leading to full system compromise.

Advisories from TWCERT/CC, available at https://www.twcert.org.tw/en/cp-139-10855-e6d1b-2.html and https://www.twcert.org.tw/tw/cp-132-10854-03015-1.html, provide further details on the vulnerability and mitigation guidance.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques · AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Privilege escalation vulnerability via OS command injection (CWE-78) directly enables Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
