CVE-2026-28517 – openDCIM

CVE ID : CVE-2026-28517

Published : Feb. 27, 2026, 11:16 p.m. | 20 minutes ago

Description : openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the ‘dot’ configuration parameter from the database and passes it directly to exec() without validation or sanitation. If an attacker can modify the fac_Config.dot value, arbitrary commands may be executed in the context of the web server process.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…