5 matches found
CVE-2026-15497
Affected software / component: SonicCloudOrg sonic-agent (up to 2.7.2), specifically the JWT Authentication Filter in the ExchangeController.java path. Vulnerability: code injection vulnerability reported as enabling a remote attacker to manipulate code execution. Impact (per docs): remote exploi...
CVE-2026-15496
SonicCloudOrg sonic-agent (up to version 2.7.2) contains a remote os command injection in GroovyScriptImpl.evalIsFailed within Groovy Script Handler. The vulnerable function is in sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java. Exploitation is public and report...
EUVD-2026-43218
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...
CVE-2026-15495
The vulnerability CVE-2026-15495 affects SonicCloudOrg sonic-agent up to version 2.7.2, specifically in the Android WebSocket Server component’s AndroidWSServer.java. The issue arises from manipulating the path argument, causing os command injection. It is remotely exploitable and has public disc...
EUVD-2026-43217
A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...