CVE-2026-40456

Vulnerability Description

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

Vulnerability Details

Published Date

June 18, 2026

Last Modified

June 18, 2026

CWE ID

CWE-78

Source

NVD

Vendor

LMS

Product

LMS

External References

https://cert.pl/posts/2026/06/CVE-2026-40455
https://github.com/chilek/lms/commit/9fcb4de19b7d76394898dbc124252b86b07ac0ed
https://lms.org.pl/

CVE-2026-40456

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment