CVE-2026-20759HIGH 8.8EPSS p71.0%

CVE-2026-20759CVE-2026-20759

Description

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.

Scoring

CVSS 3.08.8 (HIGH)
VectorCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS1.50% probability of exploitation · percentile 71.0% · 2026-06-18T12:00:27Z
Published2026-01-16
Last modified2026-04-15

Underlying weaknesses· 1

CWE-78

References

  1. https://jvn.jp/en/jp/JVN08087148/
  2. https://www.toa-products.com/securityinfo/pdf/tv2025-001jp.pdf

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-52089
CVE
CVE-2026-0855
CVE
CVE-2026-9543
CVE
CVE-2026-5965
CVE
CVE-2026-8603
CVE
CVE-2025-52046
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.