
CVE-2026-24712

Severity: High
Published: 14 May 2026
Modified: 19 May 2026
KEV Added: not listed
Patch: fixed releases available (see vendor guidance below)
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0037 (59.6th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-24712 is a high-severity Command Injection (CWE-77) vulnerability in Northern.Tech Cfengine. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 40.4% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2026-24712 is a command injection vulnerability, tracked under CWE-77, that affects Northern.tech CFEngine Enterprise and Community editions prior to versions 3.21.8, 3.24.3, and 3.27.0. The flaw carries a CVSS 3.1 base score of 7.3 with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, indicating network-reachable impact without authentication or user interaction.

An unauthenticated remote attacker can supply crafted input that results in arbitrary command execution on the affected CFEngine installation, yielding limited read, write, and disruption capabilities on the host.

Vendor guidance published at https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/ and on the Northern.tech site directs users to upgrade to the fixed releases listed above.

EPSS for the CVE rose from a low baseline to a peak of 0.0287 on 2026-05-17 before receding to the current value of 0.0037, indicating a transient increase in exploitation interest shortly after public disclosure.


Vulnerability details

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows command injection.

CWE(s)

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Command injection vulnerability (CWE-77) in a network-facing management tool directly enables remote code execution via T1190 and arbitrary command execution via T1059.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

Vendor: northern.tech
Product: cfengine
Versions: 3.26.0; 3.21.8 and earlier; 3.24.0 through 3.24.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
