CVE-2026-1414 – Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

CVE ID : CVE-2026-1414

Published : Jan. 26, 2026, 3:15 a.m. | 1 hour, 47 minutes ago

Description : A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…