OS Command Injection Vulnerability in Shibby Tomato Web UI
CVE-2026-10873
8.6HIGH
What is CVE-2026-10873?
A vulnerability in Shibby Tomato version 1.28.0000 allows for OS command injection through the rstats_path function located in the Web UI component. An attacker can exploit this vulnerability remotely, enabling them to manipulate commands in the operating system. This risk has been publicly disclosed, raising concerns for users of the affected product, which has since been succeeded by FreshTomato. It is critical for users to be aware of this vulnerability and take action if they are still utilizing the impacted version.
Affected Version(s)
Tomato 1.28.0000
