Unrated severityNVD Advisory· Published Jun 18, 2026

OS Command Injection in LMS

CVE-2026-40456

Description

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Lan Management System/lmsllm-create
Range: < commit 9fcb4de

Patches

Vulnerability mechanics

Synthesis attempt was rejected by the grounding validator. Re-run pending.

References

github.com/chilek/lms/commit/9fcb4de19b7d76394898dbc124252b86b07ac0edmitrepatch
cert.pl/posts/2026/06/CVE-2026-40455mitrethird-party-advisory
lms.org.plmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000