CVE-2026-4622
Published: 27 March 2026
Summary
CVE-2026-4622 is a high-severity OS Command Injection (CWE-78) vulnerability in Nec Aterm Wg2600Hs Firmware. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-4622 is an OS Command Injection vulnerability (CWE-78) in NEC Platforms, Ltd. Aterm Series products. Published on 2026-03-27, it enables an attacker to execute arbitrary OS commands via network access. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.
The vulnerability can be exploited by any unauthenticated remote attacker with network connectivity to the affected device, requiring low complexity and no user interaction. Successful exploitation allows arbitrary command execution on the underlying operating system, compromising confidentiality, integrity, and availability with high impact.
Mitigation guidance is available in the vendor advisory at https://jpn.nec.com/security-info/secinfo/nv26-001_en.html.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-16591
Vulnerability details
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote OS command injection in a network-facing device directly enables T1190 (Exploit Public-Facing Application) and facilitates arbitrary command execution via T1059.004 (Unix Shell).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2026-4622 by requiring timely installation of vendor patches to remediate the OS command injection flaw.
Prevents exploitation of the command injection vulnerability by validating and sanitizing untrusted network inputs to reject malicious OS command payloads.
Boundary protection mechanisms like firewalls restrict network access to the vulnerable service on the Aterm device, reducing exposure to unauthenticated remote attackers.