SambaBox CVE-2026-3120: High-Severity OS Command Injection

The National Vulnerability Database has detailed CVE-2026-3120, a high-severity OS Command Injection vulnerability in Profelis Information and Consulting Trade and Industry Limited Company’s SambaBox. Tracked as an Improper Control of Generation of Code (‘Code Injection’) flaw, this vulnerability allows for OS command injection, posing a significant risk to affected systems.

The vulnerability affects SambaBox versions from 5.1 before 5.3. It carries a CVSS score of 7.2 (HIGH): the attack vector is network, high privileges are required, no user interaction is needed, and the impact is a complete compromise of confidentiality, integrity, and availability. This is a critical flaw that, if exploited, grants an attacker deep control over the underlying operating system.

From an attacker’s perspective, a high-privilege OS command injection is a golden ticket. It allows for arbitrary code execution, persistence, data exfiltration, and lateral movement. For defenders, this means a complete bypass of application-level controls, turning a vulnerable SambaBox instance into a launchpad for further network compromise. Patching is non-negotiable.

What This Means For You

  • If your organization uses Profelis Information and Consulting Trade and Industry Limited Company SambaBox, immediately verify your version. Any instance running SambaBox from 5.1 before 5.3 is critically vulnerable. Prioritize patching to version 5.3 or later to mitigate OS command injection risks. Audit logs for any suspicious activity or unauthorized command execution on affected systems.
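The version check the bullet above asks for, as an added example that is not part of the original advisory or of SambaBox's own tooling. It assumes SambaBox versions are dotted numeric strings (an optional build or prerelease suffix is ignored) and uses a constructed host inventory; the hostnames are placeholders.

```python
import re
from typing import Iterable

# Affected range stated in the advisory: from 5.1 (inclusive) before 5.3 (exclusive).
AFFECTED_MIN = (5, 1)
FIXED_MIN = (5, 3)


def parse_version(version: str) -> tuple:
    """Turn a dotted version string into a tuple of ints for numeric comparison.

    Assumption: SambaBox versions are dotted numerics, optionally prefixed with 'v'
    and optionally followed by a suffix such as '-rc1', which is ignored here.
    Comparing ints (not strings) avoids the ordering trap where '5.10' < '5.3'.
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if the version falls inside the advisory's range [5.1, 5.3)."""
    v = parse_version(version)
    # Python tuple comparison treats (5, 1, 0) as >= (5, 1) and (5, 2, 9) as < (5, 3).
    return AFFECTED_MIN <= v < FIXED_MIN


def affected_hosts(inventory: Iterable[tuple]) -> list:
    """Return the hostnames whose SambaBox version is in the affected range."""
    return [host for host, ver in inventory if is_affected(ver)]


# Constructed sample inventory (placeholder hostnames, not real systems).
SAMPLE_INVENTORY = [
    ("sambabox-01.example.internal", "5.1"),
    ("sambabox-02.example.internal", "5.2.4-rc1"),
    ("sambabox-03.example.internal", "5.3"),
    ("sambabox-04.example.internal", "5.0.9"),
    ("sambabox-05.example.internal", "5.10"),
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: patch to 5.3 or later (CVE-2026-3120)")
```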

Indicators of Compromise

ID            | Type                 | Indicator
CVE-2026-3120 | Code Injection       | Profelis Information and Consulting Trade and Industry Limited Company SambaBox
CVE-2026-3120 | OS Command Injection | SambaBox versions from 5.1 before 5.3
CVE-2026-3120 | Code Injection       | CWE-94
Source & Attribution
Source Platform: NVD
Channel: National Vulnerability Database
Published: May 04, 2026 at 15:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
