Cyber Resilience

CVE-2026-3828

High · RCE

Published: 09 May 2026

Modified: 12 May 2026
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.8th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-3828 is a high-severity OS Command Injection (CWE-78) vulnerability in Hikvision switch products (vendor inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE ranks at the 16.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

CWE-78 OS command injection on a network device directly enables arbitrary CLI command execution (T1059.008) via crafted remote packets after authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11730 (Shared CWE-78)
CVE-2025-15518 (Shared CWE-78)
CVE-2026-23816 (Shared CWE-78)
CVE-2026-23820 (Shared CWE-78)
CVE-2025-15519 (Shared CWE-78)
CVE-2024-26012 (Shared CWE-78)
CVE-2026-22222 (Shared CWE-78)
CVE-2026-22224 (Shared CWE-78)
CVE-2025-11005 (Shared CWE-78)
CVE-2026-31177 (Shared CWE-78)

Affected Assets

Hikvision
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References