Cyber Resilience

CVE-2026-0774

High

Published: 23 January 2026

Published
23 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0066 47.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-0774 is a high-severity Argument Injection (CWE-88) vulnerability in Zerodayinitiative (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, ranked at the 47.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the…

more

arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708.

CWE(s)

Related Threats

CVEs Like This One

CVE-2026-44193Shared CWE-88
CVE-2026-24061Shared CWE-88
CVE-2026-22582Shared CWE-88
CVE-2026-22168Shared CWE-88
CVE-2026-43893Shared CWE-88
CVE-2026-1716Shared CWE-88
CVE-2025-41761Shared CWE-88
CVE-2025-15316Shared CWE-88
CVE-2026-24126Shared CWE-88
CVE-2026-41013Shared CWE-88

Affected Assets

Zerodayinitiative
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References