CVE-2026-0787
Published: 23 January 2026
Summary
CVE-2026-0787 is a critical-severity OS Command Injection (CWE-78) vulnerability in Algosolutions 8180 Ip Audio Alerter Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of user-supplied strings prior to processing in system calls, addressing the core flaw in the SAC module that enables command injection.
Mandates timely identification, reporting, and correction of flaws like this command injection vulnerability, preventing exploitation through remediation such as patching.
Limits permitted actions without identification or authentication, mitigating unauthenticated remote exploitation of the SAC module vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote OS command injection enables exploitation of a public-facing application (T1190) and arbitrary Unix shell command execution (T1059.004).
NVD Description
ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The…
more
specific flaw exists within the SAC module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28296.
Deeper analysisAI
CVE-2026-0787 is a SAC command injection vulnerability that enables remote code execution on ALGO 8180 IP Audio Alerter devices. The flaw resides in the SAC module, where a user-supplied string is not properly validated before being used in a system call, allowing attackers to inject and execute arbitrary commands. Published on 2026-01-23, this issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-78 (OS Command Injection). It was originally tracked as ZDI-CAN-28296.
Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction, simply by sending crafted requests over the network. Exploitation results in arbitrary code execution in the context of the device, granting high-impact access to confidentiality, integrity, and availability.
The Zero Day Initiative advisory at https://www.zerodayinitiative.com/advisories/ZDI-26-009/ provides further details on this vulnerability.
Details
- CWE(s)