Cyber Resilience

CVE-2026-5935

High

Published: 23 April 2026

Published
23 April 2026
Modified
18 May 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0034 25.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-5935 is a high-severity OS Command Injection (CWE-78) vulnerability in Ibm Total Storage Service Console. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5935 affects IBM Total Storage Service Console (TSSC) and TS4500 IMC in versions 9.2, 9.3, 9.4, 9.5, and 9.6. The vulnerability arises from improper validation of user-supplied input, enabling an unauthenticated user to execute arbitrary commands with normal user privileges on the system. Classified as CWE-78 (OS Command Injection), it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-04-23.

An unauthenticated attacker with network access can exploit this issue with low complexity and no user interaction required. Exploitation allows execution of arbitrary commands under normal user privileges, resulting in low impacts to confidentiality, integrity, and availability.

IBM has published an advisory at https://www.ibm.com/support/pages/node/7270127 detailing the vulnerability and associated mitigations or patches.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection in a network-accessible unauthenticated management console directly enables remote arbitrary command execution via T1190 (Exploit Public-Facing Application) and T1059.004 (Unix Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-13688Same vendor: Ibm
CVE-2025-13686Same vendor: Ibm
CVE-2025-13687Same vendor: Ibm
CVE-2026-1345Same vendor: Ibm
CVE-2024-55904Same vendor: Ibm
CVE-2024-51450Same vendor: Ibm
CVE-2024-56347Same vendor: Ibm
CVE-2024-56346Same vendor: Ibm
CVE-2018-25115Shared CWE-78
CVE-2024-57016Shared CWE-78

Affected Assets

ibm
total storage service console
9.2, 9.3, 9.4, 9.5, 9.6
ibm
ts4500 imc
9.2, 9.3, 9.4, 9.5, 9.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the improper validation of user-supplied input that allows unauthenticated OS command injection in IBM TSSC/TS4500 IMC.

prevent

Remediates the specific command injection flaw by identifying, reporting, and applying IBM vendor patches for affected versions 9.2-9.6.

detect

Monitors the system for indicators of unauthorized command executions resulting from the input validation vulnerability.

References