CVE-2026-12104

Vulnerability Description

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.

Vulnerability Details

Published Date

June 19, 2026

Last Modified

June 19, 2026

CWE ID

CWE-78

Source

NVD

Vendor

SIMA GmbH

Product

Bondix Server

External References

https://wiki.bondix.dev/wiki/Downloads#Release_Notes
https://wiki.bondix.dev/wiki/Security_Advisories#CVE-2026-12104_%E2%80%94_Authenticated_OS_Command_Injection_in_Bondix

CVE-2026-12104

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment