Cyber Resilience

CVE-2026-22623

HighRCE

Published: 30 January 2026

Published
30 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 10.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22623 is a high-severity Command Injection (CWE-77) vulnerability in Hiksemitech (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-22623, published on 2026-01-30, affects certain HIKSEMI NAS products due to insufficient input parameter validation on the interface. This command injection vulnerability (CWE-77) enables authenticated users to execute arbitrary commands on the device by crafting specific messages. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility and significant impacts on confidentiality, integrity, and availability.

An attacker with high privileges, such as an authenticated administrative user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By sending specially crafted messages, the attacker achieves arbitrary command execution on the underlying device, potentially leading to full compromise including data exfiltration, modification, or disruption of NAS operations.

Mitigation guidance is available in the vendor's security advisory at https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html.

EU & UK References

Vulnerability details

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection (CWE-77) on network-accessible NAS device directly enables remote arbitrary command execution by authenticated admins (T1190) via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4048Shared CWE-77
CVE-2026-31059Shared CWE-77
CVE-2026-22284Shared CWE-77
CVE-2024-39783Shared CWE-77
CVE-2024-57583Shared CWE-77
CVE-2026-46368Shared CWE-77
CVE-2024-39781Shared CWE-77
CVE-2024-39367Shared CWE-77
CVE-2026-3518Shared CWE-77
CVE-2024-57590Shared CWE-77

Affected Assets

Hiksemitech
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of input parameters on interfaces, which would block the crafted messages enabling command injection in this CVE.

prevent

Enforces least privilege so that even authenticated administrative accounts cannot reach arbitrary command execution surfaces exposed by the vulnerable interface.

prevent

Requires timely remediation of identified flaws such as the CWE-77 command injection described in the vendor advisory for this CVE.

References