Question 1

What is CVE-2026-40456 — CVE-2026-40456?

Accepted Answer

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

Question 2

What is the authoritative source for CVE-2026-40456?

Accepted Answer

CVE-2026-40456 (CVE-2026-40456) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2026-40456CVE-2026-40456

Description

Scoring