Cyber Resilience

CVE-2026-5967

High · RCE

Published: 20 April 2026

Modified: 12 May 2026
KEV Added
Patch
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0037 (28.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-5967 is a high-severity OS Command Injection (CWE-78) vulnerability in TeamT5 ThreatSonar Anti-Ransomware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 28.9th percentile for exploit likelihood by EPSS (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5967 is a privilege escalation vulnerability in ThreatSonar Anti-Ransomware, a product developed by TeamT5. The flaw enables authenticated remote attackers with shell access to inject operating system commands, which then execute with root privileges. Classified under CWE-78 (OS Command Injection), it received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) upon publication on 2026-04-20.

Attackers require low privileges, specifically authentication and remote shell access to the affected system, to exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation allows injection and execution of arbitrary OS commands as root, resulting in high impacts to confidentiality, integrity, and availability, potentially leading to full system compromise.

Advisories from TWCERT/CC, available at https://www.twcert.org.tw/en/cp-139-10855-e6d1b-2.html and https://www.twcert.org.tw/tw/cp-132-10854-03015-1.html, provide further details on the vulnerability and mitigation guidance.

Vulnerability details

ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Privilege escalation vulnerability via OS command injection (CWE-78) directly enables Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5966 · Same product: TeamT5 ThreatSonar Anti-Ransomware
CVE-2025-24385 · Shared CWE-78
CVE-2025-25269 · Shared CWE-78
CVE-2026-27806 · Shared CWE-78
CVE-2025-12744 · Shared CWE-78
CVE-2026-21418 · Shared CWE-78
CVE-2026-26318 · Shared CWE-78
CVE-2026-5208 · Shared CWE-78
CVE-2026-24154 · Shared CWE-78
CVE-2025-70329 · Shared CWE-78

Affected Assets

Vendor: teamt5
Product: threatsonar anti-ransomware
Version: ≤ 4.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents the OS command injection vulnerability in ThreatSonar by validating shell inputs to block arbitrary command execution with root privileges.

prevent

Enforces least privilege on the ThreatSonar shell process, preventing injected commands from executing with unnecessary root privileges even if injection occurs.

prevent

Remediates the specific privilege escalation flaw in ThreatSonar Anti-Ransomware through timely identification, testing, and application of vendor-provided patches.
