CVE-2026-24712
Published: 14 May 2026
Summary
CVE-2026-24712 is a high-severity Command Injection (CWE-77) vulnerability in Northern.tech CFEngine. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 40.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2026-24712 is a command injection vulnerability, tracked under CWE-77, that affects Northern.tech CFEngine Enterprise and Community editions prior to versions 3.21.8, 3.24.3, and 3.27.0. The flaw carries a CVSS 3.1 base score of 7.3 with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L: it is reachable over the network with low attack complexity, requires no privileges and no user interaction, does not change scope, and has low impact on confidentiality, integrity, and availability.
An unauthenticated remote attacker can supply crafted input that results in arbitrary command execution on the affected CFEngine installation, yielding limited read, write, and disruption capabilities on the host.
Vendor guidance published at https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/ and on the Northern.tech site directs users to upgrade to the fixed releases listed above.
The EPSS score for this CVE rose from a low baseline to a peak of 0.0287 on 2026-05-17 before receding to its current value of 0.0037, indicating a transient increase in exploitation interest shortly after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-30276
Vulnerability details
Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
Related Threats (MITRE ATT&CK Enterprise Techniques)
Why these techniques?
A command injection vulnerability (CWE-77) in a network-facing management tool is reachable through Exploit Public-Facing Application (T1190) and, once triggered, results in arbitrary command execution on the host, mapped to Command and Scripting Interpreter (T1059).
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.