Cyber Resilience

CVE-2026-2184

MediumPublic PoC

Published: 08 February 2026

Published
08 February 2026
Modified
24 February 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0990 95.0th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-2184 is a medium-severity Command Injection (CWE-77) vulnerability in Greatdevelopers Certificate. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

A vulnerability has been identified in the Great Developers Certificate Generation System through commit 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. The issue resides in an unspecified portion of the file /restructured/csv.php, where manipulation of the photo argument permits OS command injection. The flaw is tracked under CWE-77 and CWE-78, carries a CVSS 4.0 score of 6.9, and can be triggered remotely; the project follows a rolling release model with no specific version identifiers available, and its repository has shown no activity for several years.

An unauthenticated remote attacker can supply a crafted photo parameter to the affected endpoint and execute arbitrary operating system commands on the underlying server, resulting in limited impacts to confidentiality, integrity, and availability without requiring user interaction or elevated privileges.

Public references, including a detailed disclosure on GitHub and entries in Vuldb, do not describe vendor patches or configuration workarounds. The associated EPSS score rose from a low baseline to a peak of 0.0123 on 2026-02-14 before receding to 0.0007, indicating a temporary increase in exploitation interest shortly after disclosure.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be executed remotely. This…

more

product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The code repository of the project has not been active for many years.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS command injection in public-facing web component (/restructured/csv.php) directly enables remote arbitrary command execution (T1190) via shell interpreters (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2183Same product: Greatdevelopers Certificate
CVE-2026-7062Shared CWE-77, CWE-78
CVE-2025-1676Shared CWE-77, CWE-78
CVE-2026-1544Shared CWE-77, CWE-78
CVE-2025-1536Shared CWE-77, CWE-78
CVE-2025-59740Shared CWE-77, CWE-78
CVE-2026-7590Shared CWE-77, CWE-78
CVE-2026-4585Shared CWE-77, CWE-78
CVE-2025-59736Shared CWE-77, CWE-78
CVE-2026-4170Shared CWE-77, CWE-78

Affected Assets

greatdevelopers
certificate
≤ 2017-10-16

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates the photo argument in csv.php to reject malicious input that would otherwise produce OS command injection.

prevent

Restricts privileges of the web-server process so that even a successful injection yields only limited OS command effects.

detect

Monitors for anomalous command execution or unexpected child processes spawned by the affected PHP endpoint.

References