Cyber Posture

CVE-2026-5967

High · RCE · Updated

Published: 20 April 2026

Modified: 12 May 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5967 is a high-severity OS Command Injection (CWE-78) vulnerability in TeamT5 ThreatSonar Anti-Ransomware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 33.6th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly prevents the OS command injection vulnerability in ThreatSonar by validating shell inputs to block arbitrary command execution with root privileges.

prevent

Enforces least privilege on the ThreatSonar shell process, preventing injected commands from executing with unnecessary root privileges even if injection occurs.

prevent

Remediates the specific privilege escalation flaw in ThreatSonar Anti-Ransomware through timely identification, testing, and application of vendor-provided patches.

MITRE ATT&CK Enterprise Techniques · AI

T1068 · Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Privilege escalation vulnerability via OS command injection (CWE-78) directly enables Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.

Deeper analysis · AI

CVE-2026-5967 is a privilege escalation vulnerability in ThreatSonar Anti-Ransomware, a product developed by TeamT5. The flaw enables authenticated remote attackers with shell access to inject operating system commands, which then execute with root privileges. Classified under CWE-78 (OS Command Injection), it received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) upon publication on 2026-04-20.

Attackers require low privileges, specifically authentication and remote shell access to the affected system, to exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation allows injection and execution of arbitrary OS commands as root, resulting in high impacts to confidentiality, integrity, and availability, potentially leading to full system compromise.

Advisories from TWCERT/CC, available at https://www.twcert.org.tw/en/cp-139-10855-e6d1b-2.html and https://www.twcert.org.tw/tw/cp-132-10854-03015-1.html, provide further details on the vulnerability and mitigation guidance.

Details

CWE(s)

Affected Products

teamt5 · threatsonar anti-ransomware · ≤ 4.0.0

CVEs Like This One

CVE-2026-5966 · Same product: TeamT5 ThreatSonar Anti-Ransomware
CVE-2026-21418 · Shared CWE-78
CVE-2025-24385 · Shared CWE-78
CVE-2025-25269 · Shared CWE-78
CVE-2026-27806 · Shared CWE-78
CVE-2025-12744 · Shared CWE-78
CVE-2026-22277 · Shared CWE-78
CVE-2026-24154 · Shared CWE-78
CVE-2024-49563 · Shared CWE-78
CVE-2026-2630 · Shared CWE-78
