CVE-2026-0779
Published: 23 January 2026
Summary
CVE-2026-0779 is a high-severity OS Command Injection (CWE-78) vulnerability in Algosolutions 8180 Ip Audio Alerter Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the core flaw by requiring validation of user-supplied strings before use in system calls, preventing command injection.
Mandates timely flaw remediation for this specific ping command injection vulnerability through patching or vendor updates.
Reduces attack surface by configuring the device to enable only essential capabilities, allowing restriction or disablement of the vulnerable ping feature in the web UI.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a command injection (CWE-78/77) in a public-facing web UI leading to RCE, directly mapping to T1190 (Exploit Public-Facing Application) and enabling execution via Unix Shell (T1059.004) on the likely Linux-based device.
NVD Description
ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific…
more
flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25568.
Deeper analysisAI
CVE-2026-0779 is a ping command injection vulnerability leading to remote code execution in ALGO 8180 IP Audio Alerter devices. The flaw exists in the web-based user interface, where a user-supplied string is not properly validated before being passed to a system call, enabling command injection as classified under CWE-78 and CWE-77. This issue allows attackers to execute arbitrary code in the context of the device.
Remote attackers who possess valid authentication (low privileges required) can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, as reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The Zero Day Initiative advisory ZDI-26-001, published in reference to ZDI-CAN-25568, provides further details on the vulnerability at https://www.zerodayinitiative.com/advisories/ZDI-26-001/.
Details
- CWE(s)