Unrated severity · NVD Advisory · Published Mar 24, 2026 · Updated Mar 26, 2026
Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection
CVE-2026-23920
Description
Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands.
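The anchor behaviour described above, shown with Python's `re` module as an added example (not code from the affected product or the advisory). The pattern, function names and sample inputs are constructed for illustration, and `re.MULTILINE` stands in for the product's regex engine.

```python
import re

# Constructed example: an administrator-set pattern meant to allow only
# an IPv4-style value in a script input field.
ADMIN_PATTERN = r"^[0-9.]+$"


def validate_multiline(value, pattern=ADMIN_PATTERN):
    """The flawed behaviour: in multiline mode ^ and $ match at every line
    boundary, so one conforming line anywhere in the input passes."""
    return re.search(pattern, value, re.MULTILINE) is not None


def validate_default(value, pattern=ADMIN_PATTERN):
    """Without multiline mode, $ still matches just before a trailing
    newline, so a value ending in a line feed is accepted."""
    return re.search(pattern, value) is not None


def validate_strict(value, pattern=ADMIN_PATTERN):
    """Hardened check: refuse line breaks and NUL outright, then require the
    pattern to cover the entire string."""
    if any(ch in value for ch in "\r\n\x00"):
        return False
    return re.fullmatch(pattern, value) is not None


def compare(value):
    """Return (multiline, default, strict) verdicts for one input."""
    return (validate_multiline(value), validate_default(value),
            validate_strict(value))


# Constructed inputs; the extra line is a harmless marker command.
SAMPLES = [
    "10.0.0.1",
    "10.0.0.1\necho injected",
    "echo injected\n10.0.0.1",
    "10.0.0.1\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), compare(s))
```

The last sample shows that turning off multiline mode alone is not enough in this engine when the pattern ends in `$`; a whole-string match or an explicit rejection of line breaks is what closes the gap.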