Ghostwire

CVE-2026-6349: The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to...

CRITICAL CVSS 9.5

Published: April 16, 2026 | Last Modified: April 16, 2026

Description

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

Ghostwire Analysis — What This Means Practically

Critical CVSS score indicates maximum severity — remote code execution, authentication bypass, or complete system compromise is likely possible.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2026-6349
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-6349
nvd.nist.gov/vuln/detail/CVE-2026-6349