Cyber Resilience

CVE-2026-0779

HighRCE

Published: 23 January 2026

Published
23 January 2026
Modified
18 February 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0150 70.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-0779 is a high-severity OS Command Injection (CWE-78) vulnerability in Algosolutions 8180 Ip Audio Alerter Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-0779 is a ping command injection vulnerability leading to remote code execution in ALGO 8180 IP Audio Alerter devices. The flaw exists in the web-based user interface, where a user-supplied string is not properly validated before being passed to a system call, enabling command injection as classified under CWE-78 and CWE-77. This issue allows attackers to execute arbitrary code in the context of the device.

Remote attackers who possess valid authentication (low privileges required) can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, as reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The Zero Day Initiative advisory ZDI-26-001, published in reference to ZDI-CAN-25568, provides further details on the vulnerability at https://www.zerodayinitiative.com/advisories/ZDI-26-001/.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific…

more

flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25568.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The vulnerability is a command injection (CWE-78/77) in a public-facing web UI leading to RCE, directly mapping to T1190 (Exploit Public-Facing Application) and enabling execution via Unix Shell (T1059.004) on the likely Linux-based device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-0796Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0787Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0780Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0784Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0783Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0785Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0781Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0782Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0795Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0794Same product: Algosolutions 8180 Ip Audio Alerter

Affected Assets

algosolutions
8180 ip audio alerter firmware
5.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the core flaw by requiring validation of user-supplied strings before use in system calls, preventing command injection.

prevent

Mandates timely flaw remediation for this specific ping command injection vulnerability through patching or vendor updates.

prevent

Reduces attack surface by configuring the device to enable only essential capabilities, allowing restriction or disablement of the vulnerable ping feature in the web UI.

References