CVEFinder.io

CVE-2026-0804

๐Ÿ”ถ medium
๐Ÿ” Scan for this CVE
Summary

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install aย malicious ACAP application.

CVSS Score
6.7
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-20
๐Ÿ“Š Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.9% of all 321,566 vulnerabilities in our database.

#164,380
Below average severity
Severity Percentile
๐ŸŽฏ CISA SSVC Assessment Updated: May 12, 2026
๐Ÿ” Exploitation Status
None
No known exploits
โš™๏ธ Automatable
NO
Requires human interaction
๐Ÿ’ฅ Technical Impact
Total
Complete system compromise possible
๐Ÿ† Discovered By
Mucoze
SSVC data provided by CISA
Last Modified 2026-05-19
Source NVD ๐Ÿ”—
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-35

๐Ÿ“ฆ Affected Products 1

Vendor Product Status Affected Versions
axis axis_os Affected
> 12.0.0 < 12.10.4

๐Ÿ”— References 1

https://www.axis.com/dam/public/51/64/ea/cve-2026-08...
Vendor Advisory

๐Ÿ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-0541 ๐Ÿ”ถ medium 6.7 0.0 ACAP applications can gain elevated privileges due to improper input validation during the installation process, potenti... 2026-05-12
CVE-2026-0802 ๐Ÿ”ถ medium 6.0 0.0 An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead ... 2026-05-12
CVE-2026-1185 ๐Ÿ”ถ medium 5.4 0.1 A configuration file on the local file system had improper input validation which could allow code execution and potenti... 2026-05-12
CVE-2025-11142 โš ๏ธ high 7.1 0.1 The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio... 2026-02-10
CVE-2025-4645 ๐Ÿ”ถ medium 6.7 0.0 An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vuln... 2025-11-11
CVE-2025-5452 ๐Ÿ”ถ medium 6.6 0.1 A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applicat... 2025-11-11
These CVEs affect the same products