CVE-2026-2533 | Tosei Self-service Washing Machine 4.02 tosei_datasend.php adr_txt_1 command injection

A vulnerability described as critical has been identified in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/tosei_datasend.php. Executing a manipulation of the argument adr_txt_1 can lead to command injection.

This vulnerability is registered as CVE-2026-2533. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More