CVE-2026-22313

Vulnerability

Radiflow iSAP Smart Collector version 3.07-1 exposes a REST API authenticated with a token on TCP port 8086 (management network). The API endpoint fails to neutralize special elements used in OS commands (CWE-78), allowing an authenticated attacker to inject arbitrary commands that are executed with administrative permissions by the underlying operating system [1].

Exploitation

An attacker must have network access to the management network and valid authentication credentials (token) for the REST API. The attacker sends a crafted request to the vulnerable API endpoint containing OS command injection payloads. No additional user interaction or race condition is required [1].

Impact

Successful exploitation achieves arbitrary command execution with administrative (root-level) privileges on the device. This leads to full compromise of confidentiality, integrity, and availability (CIA) of the Smart Collector, including potential data exfiltration, modification of device configuration, and disruption of service. The scope of impact expands beyond the vulnerable component to affect the entire management environment [1].

Mitigation

As of the publication date (2026-06-16), no patch or fixed version has been released. Operators should restrict management network access to trusted hosts only, enforce strong authentication, and monitor for anomalous API requests. The vendor has not yet announced an update; affected users should contact Radiflow support for mitigation guidance [1].