CVE-2026-7865
Published: 05 May 2026
Summary
CVE-2026-7865 is a high-severity Argument Injection (CWE-88) vulnerability in Crestron (inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE is ranked in the top 35.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-27394
Vulnerability details
A hidden console command is vulnerable to a command injection flaw when control characters are passed to its second argument. A third-party researcher, Eugene Lim, discovered the vulnerability in the way the console command passes to a popen function call. Attackers with authenticated access to the SSH console of Crestron devices may use it to run underlying OS commands.
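The class of fix for a console argument that reaches popen, as an added example (not Crestron's code, and not taken from the advisory): allowlist each argument, then start the program with an argv array so no shell re-parses the input. The function names, the allowlist, and the use of /bin/echo as a stand-in program are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Weak pattern (hypothetical reconstruction of the description):
 *   snprintf(cmd, sizeof cmd, "tool %s %s", a1, a2); popen(cmd, "r");
 * popen hands cmd to /bin/sh, which re-parses whatever a2 contains. */

/* Allowlist: 1..63 chars of [A-Za-z0-9._-], no leading '-' (blocks options). */
int arg_is_safe(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 63 || s[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* Run prog with a fixed argv (no shell) and capture stdout into out.
 * Returns the exit status, or -1 if an argument is rejected or on error. */
int run_without_shell(const char *prog, const char *a1, const char *a2,
                      char *out, size_t outsz) {
    int fds[2], status;
    if (outsz == 0 || !arg_is_safe(a1) || !arg_is_safe(a2)) return -1;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        char *const argv[] = { (char *)prog, (char *)a1, (char *)a2, NULL };
        execv(prog, argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    size_t used = 0; ssize_t r;
    while (used < outsz - 1 && (r = read(fds[0], out + used, outsz - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
int main(void) {                          /* constructed sample inputs */
    char out[64];
    printf("%d\n", run_without_shell("/bin/echo", "show", "eth0", out, sizeof out));
    printf("%d\n", run_without_shell("/bin/echo", "show", "eth0\nx", out, sizeof out));
}
```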
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authenticated SSH console access combined with argument injection to popen enables direct execution of arbitrary OS commands via Unix shell.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.