CVE-2026-12104

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 19, 2026

Vendor unknown

Description

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.

References

https://wiki.bondix.dev/wiki/Downloads#Release_Notes
https://wiki.bondix.dev/wiki/Security_Advisories#CVE-2026-12104_%E2%80%94_Authenticated_OS_Command_Injection_in_Bondix