CVE-2026-10871
Published: 04 June 2026
Summary
CVE-2026-10871 is a high-severity Command Injection (CWE-77) vulnerability in Gitee (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, ranked in the top 19.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-34332
Vulnerability details
A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. It is possible to launch…
more
the attack remotely. The exploit has been disclosed to the public and may be used. This project is superseded by FreshTomato.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.