CVE-2026-1412 – Sangfor Operation and Maintenance Security Management System HTTP POST Request get_clip_img command injection

CVE ID : CVE-2026-1412

Published : Jan. 26, 2026, 1:15 a.m. | 3 hours, 47 minutes ago

Description : A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…