CVE-2026-40456

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 18, 2026

Vendor unknown

Description

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

References

https://cert.pl/posts/2026/06/CVE-2026-40455
https://github.com/chilek/lms/commit/9fcb4de19b7d76394898dbc124252b86b07ac0ed
https://lms.org.pl/