CVE-2026-33613HIGH 8.8EPSS p38.8%

CVE-2026-33613CVE-2026-33613

Description

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.50% probability of exploitation · percentile 38.8% · 2026-06-18T12:00:27Z
Published2026-04-02
Last modified2026-04-16

Underlying weaknesses· 1

CWE-78

References

  1. https://certvde.com/de/advisories/VDE-2026-030
  2. https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-32968
CVE
CVE-2025-64128
CVE
CVE-2025-55055
CVE
CVE-2025-23181
CVE
CVE-2025-31713
CVE
CVE-2025-6542
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.