Cyber Resilience

CVE-2026-23759

High · Public PoC · RCE

Published: 17 March 2026
Modified: 01 May 2026
KEV Added: not listed
Patch: firmware 6.0 or later
CVSS v4.0 score: 8.6 (vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0151 (71.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-23759 is a high-severity OS Command Injection (CWE-78) vulnerability in Perle IOLAN STS (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE is ranked in the top 28.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23759 is an authenticated OS command injection vulnerability (CWE-78) in Perle IOLAN STS/SCS terminal server models running firmware versions prior to 6.0. The flaw exists in the restricted shell, accessible over Telnet or SSH, where the 'ps' command lacks proper argument sanitization. User-supplied parameters are passed unsanitized into an 'sh -c' invocation that executes as root, enabling injection of shell metacharacters.

An authenticated attacker with high privileges (PR:H) who can log into the device can exploit the vulnerability by appending shell metacharacters after the 'ps' subcommand. This allows execution of arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system. The CVSS v3.1 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting network accessibility, low complexity, and high impact on confidentiality, integrity, and availability.
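As an added illustration of the defect described above and of the input-validation control this page recommends, here is a constructed Python model (not Perle's firmware code) of a restricted-shell 'ps' wrapper: the vulnerable string concatenation handed to sh -c beside an allowlist validator that returns an argv list for execution without a shell. The permitted flag set is an assumption.

```python
import re
import shlex
import subprocess
from typing import List

# Constructed model of the pattern the advisory describes (a restricted-shell
# wrapper around ps); it is not Perle's code. The flag allowlist is an assumption.
ALLOWED_PS_FLAGS = {"-e", "-f", "-l", "-o"}
# Non-flag tokens (e.g. an -o column list) may only use these characters;
# no shell metacharacter (; | & $ ` ( ) < > newline, quotes) is in the class.
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_,=:-]+$")


def build_vulnerable_command(user_args: str) -> str:
    """The flawed construction: user text is concatenated into one string that the
    caller hands to sh -c as root. Metacharacters in user_args become shell syntax,
    so anything appended after a ';' runs as a second root command."""
    return "ps " + user_args


def validate_ps_args(user_args: str) -> List[str]:
    """Hardened construction: tokenise, allowlist each flag, restrict the character
    set of every other token, and return an argv list for execution without a shell."""
    try:
        tokens = shlex.split(user_args)
    except ValueError as exc:  # unbalanced quotes and similar
        raise ValueError(f"unparseable arguments: {exc}") from exc
    argv = ["ps"]
    for tok in tokens:
        if tok.startswith("-"):
            if tok not in ALLOWED_PS_FLAGS:
                raise ValueError(f"flag not permitted: {tok!r}")
        elif not SAFE_TOKEN.match(tok):
            raise ValueError(f"rejected token: {tok!r}")
        argv.append(tok)
    return argv


def is_accepted(user_args: str) -> bool:
    """True if the validator would let these arguments through."""
    try:
        validate_ps_args(user_args)
        return True
    except ValueError:
        return False


def run_ps_safely(user_args: str) -> subprocess.CompletedProcess:
    """Runs ps from an argv list; no shell is involved, so nothing is re-parsed."""
    return subprocess.run(validate_ps_args(user_args), capture_output=True, text=True)
```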

Firmware versions 6.0 and later address the vulnerability. For mitigation details, patches, and configuration guidance, refer to the Perle downloads page at https://www.perle.com/downloads/server_sds_sts_rackmount.shtml, the IOLAN SCS/SDS/STS user guide at https://www.perle.com/support_services/documentation_pdfs/iolan_scs-sds-sts_ug.pdf, and the VulnCheck advisory at https://www.vulncheck.com/advisories/perle-iolan-sts-scs-authenticated-command-injection-via-shell-ps.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.

CWE(s): CWE-78 (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1059.004 Unix Shell (tactic: Execution): Adversaries may abuse Unix shell commands and scripts for execution.
T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Authenticated command injection in the restricted Unix shell (unsanitized 'ps' arguments passed to sh -c as root) directly enables arbitrary Unix command execution (T1059.004) and escalation from a high-privilege account to full root (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26318 · Shared CWE-78
CVE-2026-5208 · Shared CWE-78
CVE-2025-70329 · Shared CWE-78
CVE-2024-49563 · Shared CWE-78
CVE-2026-33641 · Shared CWE-78
CVE-2026-22277 · Shared CWE-78
CVE-2024-49565 · Shared CWE-78
CVE-2026-42924 · Shared CWE-78
CVE-2025-66209 · Shared CWE-78
CVE-2025-22605 · Shared CWE-78

Affected Assets

Perle IOLAN STS (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI)

SI-2 Flaw Remediation (prevent): Timely remediation through firmware updates to version 6.0 or later directly eliminates the unsanitized argument handling in the 'ps' command of the restricted shell.

SI-10 Information Input Validation (prevent): Mandates validation of user-supplied parameters passed to the 'ps' command to block injection of shell metacharacters into the root-executed 'sh -c' invocation.

Least privilege (prevent): Enforces least privilege on authenticated users accessing the restricted shell, limiting potential root escalation even if partial injection occurs.

References