Cyber Posture

CVE-2026-3587

Critical

Published: 23 March 2026

Published
23 March 2026
Modified
24 March 2026
KEV Added
Patch
CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0013 31.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-3587 is a critical-severity Hidden Functionality (CWE-912) vulnerability in Certvde (inferred from references). Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 31.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Specifies and authorizes actions performable without identification or authentication, directly preventing hidden unauthenticated CLI functions that enable escape from restricted interfaces.

CM-7 Least Functionality good match
prevent

Restricts the system to least functionality by prohibiting or disabling non-essential hidden features like the exploitable CLI prompt function.

AC-3 Access Enforcement good match
prevent

Enforces approved access authorizations and policies to block escape from restricted CLI interfaces via hidden functions.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
attack.mitre.org →
Why these techniques?

Unauthenticated remote exploitation of a hidden CLI function enables full device compromise via exploitation of a remote service (T1210) and facilitates unrestricted network device CLI command execution (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

Deeper analysisAI

CVE-2026-3587 is a critical vulnerability (CVSS 3.1 score of 10.0; AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) classified under CWE-912 (Hidden Functionality). Published on 2026-03-23, it involves a hidden function within the CLI prompt of an affected device that allows escape from the restricted interface. This flaw enables unauthenticated remote attackers to achieve full compromise of the device.

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high confidentiality, integrity, and availability impacts, along with a change in scope, culminating in complete device takeover.

For mitigation details, refer to the advisory at https://certvde.com/de/advisories/VDE-2026-020.

Details

CWE(s)
CWE-912

Affected Products

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-33280Shared CWE-912
CVE-2024-39754Shared CWE-912
CVE-2026-30704Shared CWE-912
CVE-2026-1952Shared CWE-912
CVE-2025-0626Shared CWE-912
CVE-2025-0675Shared CWE-912
CVE-2025-48418Shared CWE-912
CVE-2026-41446Shared CWE-912
CVE-2026-34769Shared CWE-912
CVE-2026-7413Shared CWE-912

References