CVE-2026-1324 | Sangfor Operation and Maintenance Management System up to 3.0.12 SSH Protocol session SessionController keypassword os command injection

A vulnerability classified as critical has been found in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os command injection.

This vulnerability is traded as CVE-2026-1324. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More