VYPR
Unrated severityNVD Advisory· Published Mar 24, 2026· Updated Mar 26, 2026

Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection

CVE-2026-23920

Description

Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.