CVEFinder.io

CVE-2026-1185

πŸ”Ά medium
πŸ” Scan for this CVE
Summary

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker canΒ log in to the Axis device using SSH.

CVSS Score
5.4
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-20
πŸ“Š Relative Risk Intelligence

This CVE is Lower Risk - more severe than 22.9% of all 321,566 vulnerabilities in our database.

#247,909
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 12, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
πŸ† Discovered By
Cookiejack15
SSVC data provided by CISA
Last Modified 2026-05-19
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CWE IDs (Weakness Types)
CWE-732

πŸ“¦ Affected Products 1

Vendor Product Status Affected Versions
axis axis_os Affected
> 12.0.0 < 12.10.37

πŸ”— References 1

https://www.axis.com/dam/public/69/df/8d/cve-2026-11...
Vendor Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-0541 πŸ”Ά medium 6.7 0.0 ACAP applications can gain elevated privileges due to improper input validation during the installation process, potenti... 2026-05-12
CVE-2026-0802 πŸ”Ά medium 6.0 0.0 An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead ... 2026-05-12
CVE-2026-0804 πŸ”Ά medium 6.7 0.0 An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to pote... 2026-05-12
CVE-2025-11142 ⚠️ high 7.1 0.1 The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio... 2026-02-10
CVE-2025-4645 πŸ”Ά medium 6.7 0.0 An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vuln... 2025-11-11
CVE-2025-5452 πŸ”Ά medium 6.6 0.1 A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applicat... 2025-11-11
These CVEs affect the same products