Cyber Resilience

CVE-2026-4622

Severity: High
Impact: RCE

Published: 27 March 2026
Modified: 20 April 2026
KEV Added: not listed
Patch: vendor advisory available
CVSS v4.0 score: 7.1
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0086 (53.9th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-4622 is a high-severity OS Command Injection (CWE-78) vulnerability in NEC Aterm WG2600HS firmware (further Aterm models are listed under Affected Assets below). Its CVSS v4.0 base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-4622 is an OS Command Injection vulnerability (CWE-78) in NEC Platforms, Ltd. Aterm Series products. Published on 2026-03-27, it enables an attacker to execute arbitrary OS commands via network access. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact. Note that this v3.1 vector (no privileges, no user interaction, low attack complexity) differs from the v4.0 vector shown above (PR:H, UI:A, AC:H), which is what yields the 7.1 score in the header; the two scorings should be reconciled before prioritising.

The vulnerability can be exploited by any unauthenticated remote attacker with network connectivity to the affected device, requiring low complexity and no user interaction. Successful exploitation allows arbitrary command execution on the underlying operating system, compromising confidentiality, integrity, and availability with high impact.

Mitigation guidance is available in the vendor advisory at https://jpn.nec.com/security-info/secinfo/nv26-001_en.html.

Vulnerability details

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS commands via network.

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Unauthenticated remote OS command injection in a network-facing device directly enables T1190 (Exploit Public-Facing Application) and facilitates arbitrary command execution via T1059.004 (Unix Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-4620 (same vendor: NEC)
CVE-2018-25115 (shared CWE-78)
CVE-2025-24382 (shared CWE-78)
CVE-2026-29058 (shared CWE-78)
CVE-2024-57016 (shared CWE-78)
CVE-2024-46484 (shared CWE-78)
CVE-2015-10145 (shared CWE-78)
CVE-2020-37002 (shared CWE-78)
CVE-2026-27848 (shared CWE-78)
CVE-2025-0356 (shared CWE-78)

Affected Assets

Vendor: NEC. Affected firmware versions (inclusive upper bounds):

NEC Aterm WG2600HS firmware, versions ≤ 1.7.2
NEC Aterm WF1200CR firmware, versions ≤ 1.6.0
NEC Aterm WG1200CR firmware, versions ≤ 1.5.0
NEC Aterm WG2600HP4 firmware, versions ≤ 1.4.2
NEC Aterm WG2600HM4 firmware, versions ≤ 1.4.2
NEC Aterm WG2600HS2 firmware, versions ≤ 1.3.2
NEC Aterm WX3000HP firmware, versions ≤ 2.5.0
NEC Aterm WX3000HP2 firmware, versions ≤ 1.3.2
NEC Aterm GB1200PE firmware, versions ≤ 1.3.1

Mitigating Controls (NIST 800-53 r5) [AI]

SI-2 Flaw Remediation (prevent): Directly mitigates CVE-2026-4622 by requiring timely installation of vendor patches to remediate the OS command injection flaw.

SI-10 Information Input Validation (prevent): Prevents exploitation of the command injection vulnerability by validating and sanitizing untrusted network inputs so that OS command payloads are rejected before they reach a shell.

SC-7 Boundary Protection (prevent): Boundary protection mechanisms such as firewalls restrict network access to the vulnerable service on the Aterm device, reducing exposure to unauthenticated remote attackers; for a home router this means, at minimum, not exposing the management interface to the WAN side.
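To make the SI-10 control concrete, here is an added example written for this page; it is not NEC's firmware code and nothing in the advisory describes the actual vulnerable handler. It assumes a hypothetical router diagnostic handler that pings a user-supplied host, and shows the CWE-78 pattern (untrusted value pasted into a shell command line) beside a hardened version that allow-lists the input and passes it to execvp() as a single argument, so no shell ever parses it. The function names, the allow-list rule and the two sample inputs are all constructed for the example.

```c
/* Added example for CWE-78 hardening (hypothetical ping handler; not NEC code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAX_HOST_LEN 253   /* RFC 1035 maximum hostname length */

/* Allow-list validation (NIST SI-10): accept only characters that can
   appear in a hostname or IPv4 literal, bound the length, and reject a
   leading '-' so the value can never be parsed as a command option. */
int is_safe_host(const char *host)
{
    size_t n = strlen(host);
    if (n == 0 || n > MAX_HOST_LEN || host[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* The CWE-78 pattern: the untrusted value is pasted into a command line
   that a shell would then parse. Shown only for contrast; the string is
   built but never handed to system() anywhere in this example.
   Returns 1 if the line fit in the buffer, 0 otherwise. */
int build_vulnerable_cmd(const char *host, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return n >= 0 && (size_t)n < outlen;
}

/* Hardened equivalent: validate first, then build an argv[] so the value
   travels as exactly one argument to execvp() and no shell interprets it.
   argv must have room for at least 5 entries (4 arguments + NULL).
   Returns the argument count, or -1 if the input was rejected. */
int build_safe_argv(const char *host, const char *argv[], size_t argv_len)
{
    if (argv_len < 5 || !is_safe_host(host))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = host;      /* single argv entry, metacharacters are inert */
    argv[4] = NULL;
    return 4;
}

/* Run an already-validated argv in a child process without a shell.
   Returns the child's exit status, or -1 on fork/exec/wait failure. */
int run_argv(const char *argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);                      /* exec failed in the child */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    /* Constructed sample inputs: one benign, one carrying a shell
       metacharacter that the vulnerable builder would pass to a shell. */
    const char *inputs[] = { "192.0.2.1", "192.0.2.1; echo injected" };
    char cmd[512];
    const char *args[5];

    for (size_t i = 0; i < 2; i++) {
        build_vulnerable_cmd(inputs[i], cmd, sizeof cmd);
        printf("input: %s\n", inputs[i]);
        printf("  vulnerable builder would run via shell: %s\n", cmd);
        if (build_safe_argv(inputs[i], args, 5) < 0)
            printf("  hardened builder: rejected by allow-list\n");
        else
            printf("  hardened builder: argv[3]=\"%s\" (no shell involved)\n", args[3]);
    }
    /* Only execute ping when explicitly requested (needs a ping binary). */
    if (argc > 1 && strcmp(argv[1], "--run") == 0 &&
        build_safe_argv(inputs[0], args, 5) > 0)
        printf("ping exit status: %d\n", run_argv(args));
    return 0;
}
```

The allow-list is deliberately strict: anything outside letters, digits, '.' and '-' is refused rather than escaped, because escaping for a shell is where CWE-78 fixes usually go wrong. Combined with execvp() the check is belt-and-braces; even if a metacharacter slipped through, it would reach ping as a literal argument, not a shell.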

References

NEC vendor advisory NV26-001: https://jpn.nec.com/security-info/secinfo/nv26-001_en.html