CVE-2026-22317
Published: 18 March 2026
Summary
CVE-2026-22317 is a high-severity Command Injection (CWE-77) vulnerability in Certvde (inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 9.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-22317 is a command injection vulnerability (CWE-77) in the device's Root CA certificate transfer workflow. It affects the underlying Linux operating system, where crafted HTTP POST requests can lead to arbitrary command execution with root privileges. The vulnerability received a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-18.
A high-privileged attacker with network access can exploit this vulnerability by sending specially crafted HTTP POST requests to the Root CA certificate transfer endpoint. Successful exploitation results in arbitrary command execution on the Linux OS as root, potentially allowing full system compromise, including data theft, modification, or disruption.
For mitigation details, refer to the advisory published by CERT VDE at https://certvde.com/de/advisories/VDE-2025-104.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12786
Vulnerability details
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the network-accessible Root CA certificate transfer endpoint directly enables exploitation of a public-facing application (T1190) and Unix shell command execution as root (T1059.004).
Mitigating Controls (NIST 800-53 r5)
- Directly prevents command injection by requiring validation and sanitization of crafted HTTP POST inputs in the Root CA certificate transfer workflow.
- Remediates the specific command injection flaw (CVE-2026-22317) through identification, reporting, and timely patching of the vulnerable endpoint.
- Limits damage from injected commands by enforcing least privilege on the Root CA certificate transfer process, preventing unnecessary root-level execution.