CVE-2026-15410
HIGH
Actively Exploited
NVDCISA KEV
CVSS Score
7.2
Severity
HIGH
Published
Jul 14, 2026
Vendor
unknown
This vulnerability is in the CISA Known Exploited Vulnerabilities Catalog. Active exploitation has been observed. Immediate patching is recommended.
Description
Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.