28 matches found

Cvelist
added 2026/02/26 10:59 p.m. | 23 views

CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

CVSS 7.3 | EPSS 0.009
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/26 10:59 p.m. | 2 views

CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

CVSS 7.3 | AI score 6.7 | EPSS 0.009
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/26 10:59 p.m. | 4 views

CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

CVSS 8.4 | AI score 8 | EPSS 0.009
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/02/26 10:59 p.m. | 5 views

CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

CVSS 7.3 | AI score 6.7 | EPSS 0.009
Exploits: 0 | References: 5
CVE
added 2026/02/26 10:59 p.m. | 12 views

CVE-2026-28279

The CVE affects osctrl prior to v0.5.0, where an authenticated administrator can inject shell commands via the hostname in osctrl-admin environment configurations. The commands are embedded into enrollment one-liner scripts generated with Go's text/template (no shell escaping) and execute on ever...

CVSS 8.4 | AI score 6.8 | EPSS 0.009
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/02/26 12:0 a.m. | 4 views

osctrl cross-site scripting vulnerability

OsCtrl is an open-source management software for OsQuery by JMP Security. Versions of OsCtrl prior to 0.5.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the osctrl-admin feature, which queries lists on demand, allowing for stored cross-site scripting. This could...

CVSS 8.7 | AI score 6.8 | EPSS 0.00227
Exploits: 0 | References: 3
CNNVD
added 2026/02/26 12:0 a.m. | 7 views

osctrl operating system command injection vulnerability

OsCtrl is an open-source management software for OsQuery by JMP Security. Versions of OsCtrl prior to 0.5.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from OS command injection in the OsCtrl-admin environment configuration, which could lead...

CVSS 8.4 | AI score 7.6 | EPSS 0.009
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/26 12:0 a.m. | 6 views

PT-2026-22226

Name of the Vulnerable Software and Affected Versions: osctrl versions prior to 0.5.0. Description: osctrl is an osquery management solution. A stored cross-site scripting (XSS) issue exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript v...

CVSS 9.9 | AI score 6 | EPSS 0.22162
Exploits: 68 | References: 138