High severity8.8NVD Advisory· Published Feb 2, 2026· Updated Apr 15, 2026
CVE-2026-24788
CVE-2026-24788
Description
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
billz/raspap-webguiPackagist | < 3.3.6 | 3.3.6 |
Affected products
1Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-4wwf-f7w3-94f5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-24788ghsaADVISORY
- github.com/RaspAP/raspap-webgui/commit/f514f5a12ef0c34853b5370ef55d630b499f977dghsaWEB
- github.com/RaspAP/raspap-webgui/releases/tag/3.3.6ghsaWEB
- jvn.jp/en/jp/JVN27202136ghsaWEB
- github.com/RaspAP/raspap-webgui/releasesnvd
- jvn.jp/en/jp/JVN27202136/nvd
News mentions
0No linked articles in our index yet.