CVE-2026-46746EPSS p35.8%

CVE-2026-46746CVE-2026-46746

siemens / sinec_ins

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected service user (sinecins).

Scoring

CVSS 8.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.45% probability of exploitation · percentile 35.8% · 2026-06-19T12:03:05Z
Last modified2026-06-12

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-46747
CVE
CVE-2026-46748
CVE
CVE-2025-40737
CVE
CVE-2025-40738
CVE
CVE-2026-46749
CVE
CVE-2026-25654
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.