High severityNVD Advisory· Published May 5, 2026· Updated May 7, 2026

CVE-2026-7865

Description

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument.

A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001nvd
www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000