CVE-2026-23678

HighPublic PoCRCE

Published: 24 February 2026

Published

24 February 2026

Modified

25 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0035 57.7th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23678 is a high-severity OS Command Injection (CWE-78) vulnerability in Binardat 10G08-0800Gsm Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 42.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Device CLI (T1059.008) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires validation of untrusted inputs like the hostname parameter in the traceroute function to block command injection exploits.

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of identified flaws, such as patching the firmware vulnerability enabling arbitrary CLI command execution.

CM-7 Least Functionality good match

prevent

Enforces least functionality by prohibiting or restricting unnecessary diagnostic features like the vulnerable traceroute function in the web interface.

MITRE ATT&CK Enterprise TechniquesAI

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

CVE enables command injection in web management interface, directly facilitating Network Device CLI execution (T1059.008) and exploitation of a public-facing web application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access…

to the web interface can execute arbitrary CLI commands on the device.

Deeper analysisAI

CVE-2026-23678 is a command injection vulnerability (CWE-78) in the traceroute diagnostic function of the web management interface on Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior. Published on 2026-02-24, it has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

An authenticated attacker with access to the web management interface can exploit the vulnerability remotely by injecting the %1a character into the hostname parameter during traceroute execution. This allows the attacker to run arbitrary CLI commands on the underlying device, enabling full control over the switch's operations.

Mitigation guidance is available in advisories and vendor resources, including the VulnCheck advisory at https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-traceroute-cli-command-injection and the Binardat product page at https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch.