CVE-2026-45777
Description
Open XDMoD versions 9.5.0 through 11.0.2 are vulnerable to unauthenticated remote code execution via OS command injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Open XDMoD versions 9.5.0 through 11.0.2 are vulnerable to unauthenticated remote code execution via OS command injection.
Vulnerability
Starting in version 9.5.0 and prior to version 11.0.3, Open XDMoD is vulnerable to OS command injection. This vulnerability affects all deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) [1].
Exploitation
An attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD. No authentication or user interaction is required for exploitation [1].
Impact
Successful exploitation allows an attacker to execute arbitrary system commands with the privileges of the web server process. This can lead to reading or modifying application data, altering system configuration, or disrupting service availability [1].
Mitigation
Open XDMoD version 11.0.3, released on 2026-05-12, addresses this vulnerability [2]. As a workaround, users can manually apply a provided patch before upgrading [1].
AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3News mentions
0No linked articles in our index yet.