CVE-2026-23759
Published: 17 March 2026
Summary
CVE-2026-23759 is a high-severity OS Command Injection (CWE-78) vulnerability in Perle IOLAN STS (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 28.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-23759 is an authenticated OS command injection vulnerability (CWE-78) in Perle IOLAN STS/SCS terminal server models running firmware versions prior to 6.0. The flaw exists in the restricted shell, accessible over Telnet or SSH, where the 'ps' command lacks proper argument sanitization. User-supplied parameters are passed unsanitized into an 'sh -c' invocation that executes as root, enabling injection of shell metacharacters.
An authenticated attacker with high privileges (PR:H) who can log into the device can exploit the vulnerability by appending shell metacharacters after the 'ps' subcommand. This allows execution of arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system. The CVSS v3.1 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting network accessibility, low complexity, and high impact on confidentiality, integrity, and availability.
Firmware versions 6.0 and later address the vulnerability. For mitigation details, patches, and configuration guidance, refer to the Perle downloads page at https://www.perle.com/downloads/server_sds_sts_rackmount.shtml, the IOLAN SCS/SDS/STS user guide at https://www.perle.com/support_services/documentation_pdfs/iolan_scs-sds-sts_ug.pdf, and the VulnCheck advisory at https://www.vulncheck.com/advisories/perle-iolan-sts-scs-authenticated-command-injection-via-shell-ps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12580
Vulnerability details
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.
- CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command, i.e. OS Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1059.004 Command and Scripting Interpreter: Unix Shell
- T1068 Exploitation for Privilege Escalation
Why these techniques?
Authenticated command injection in the restricted Unix shell (unsanitized 'ps' arguments passed into 'sh -c' as root) directly enables arbitrary Unix shell command execution (T1059.004) and escalation from a high-privilege account to full root (T1068).
Affected Assets
Perle IOLAN STS/SCS terminal server models running firmware versions prior to 6.0 (restricted shell reachable over Telnet or SSH).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Timely remediation through firmware updates to version 6.0 or later directly eliminates the unsanitized argument handling in the 'ps' command of the restricted shell.
- SI-10 (Information Input Validation): Mandates validation of user-supplied parameters passed to the 'ps' command to block injection of shell metacharacters into the root-executed 'sh -c' invocation.
- AC-6 (Least Privilege): Enforces least privilege on authenticated users accessing the restricted shell, limiting potential root escalation even if partial injection occurs.
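To make the defect class in the vulnerability details concrete (a user-supplied 'ps' argument spliced into a string handed to 'sh -c') and to show what the input-validation control above looks like in code, the following C example is added here. It is illustrative code written for this page, not Perle's firmware: the handler names, the allowlist of accepted 'ps' options and the fork/exec layout are assumptions. The vulnerable handler keeps the shell in the path; the hardened one validates against an allowlist and then executes 'ps' directly with an argv array, so no shell ever parses the user's text.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical handler for a restricted shell's 'ps' subcommand, shaped
 * like the defect the advisory describes: the user's text is spliced into
 * one command string and handed to /bin/sh -c via system(). Any shell
 * metacharacter in user_args is therefore interpreted by the shell, with
 * the privileges of the calling process (root on the affected firmware). */
int ps_vulnerable(const char *user_args) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ps %s", user_args);
    return system(cmd);
}

/* Options the restricted shell chooses to expose; everything else is
 * refused. The list itself is an assumption for this example (these are
 * POSIX ps option names). */
static const char *const allowed_ps_opts[] = { "-e", "-ef", "-A", NULL };

/* Allowlist validation (the SI-10 control): accept either one of the fixed
 * option strings above or a decimal PID of at most 10 digits. Nothing is
 * "escaped"; input outside the allowlist is simply rejected. */
bool ps_arg_is_valid(const char *arg) {
    if (arg == NULL || *arg == '\0') return false;
    for (int i = 0; allowed_ps_opts[i] != NULL; i++)
        if (strcmp(arg, allowed_ps_opts[i]) == 0) return true;
    size_t n = strlen(arg);
    if (n > 10) return false;
    for (size_t i = 0; i < n; i++)
        if (arg[i] < '0' || arg[i] > '9') return false;
    return true;
}

/* Hardened handler: validate first, then exec ps directly with a fixed
 * argv[] so the argument is a single argv element and no shell is involved.
 * Returns ps's exit status, or -1 if the argument was refused or the child
 * could not be run. */
int ps_hardened(const char *user_arg) {
    if (!ps_arg_is_valid(user_arg)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ps", (char *)user_arg, NULL };
        execvp("ps", argv);
        _exit(127);            /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample inputs: two legitimate arguments, four that carry
     * shell metacharacters or whitespace and must be refused. */
    const char *samples[] = { "1234", "-ef", "1234;x", "$(x)", "12|34", "-ef x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %s\n", samples[i],
               ps_arg_is_valid(samples[i]) ? "accepted" : "refused");
    return 0;
}
```

Validation alone is the second line of defence here; the structural fix is that ps_hardened never builds a command string, so even a gap in the allowlist cannot turn an argument into a second command. Running the restricted shell as an unprivileged user (the AC-6 control) would further bound what a successful injection could reach.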