CVE-2026-1413
Published: 26 January 2026
Summary
CVE-2026-1413 is a medium-severity Injection (CWE-74) vulnerability in Sangfor Operation And Maintenance Security Management System. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in remotely accessible web management system directly enables remote code execution via Unix shell.
NVD Description
A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in…
more
command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Deeper analysisAI
CVE-2026-1413 is a command injection vulnerability affecting the Sangfor Operation and Maintenance Security Management System up to version 3.0.12. The issue resides in the portValidate function within the file /fort/ip_and_port/port_validate of the HTTP POST Request Handler component. Manipulation of the 'port' argument enables arbitrary command execution, classified under CWE-74 and CWE-77.
The vulnerability allows remote exploitation by attackers with low privileges (PR:L), low attack complexity (AC:L), and no user interaction (UI:N). Successful attacks result in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), yielding a CVSS 3.1 base score of 6.3. An exploit for this vulnerability has been made public.
Advisories and additional details are available in references including the GitHub issue at https://github.com/LX-LX88/cve/issues/23 and VulDB entries at https://vuldb.com/?ctiid.342802, https://vuldb.com/?id.342802, and https://vuldb.com/?submit.736522. The CVE was published on 2026-01-26.
Details
- CWE(s)