Command Injection Vulnerability in Web Server NPC Start Endpoint by Third-Party Vendor
CVE-2026-22103
9.3CRITICAL
What is CVE-2026-22103?
The NPC start endpoint operating on port 8090 in the web server is susceptible to command injection attacks. This vulnerability allows an unauthorized user to execute arbitrary commands on the server, potentially compromising sensitive data and system integrity. Proper configuration and security measures must be implemented to mitigate this risk and protect the affected systems from exploitation.
Affected Version(s)
DC-80 0 < 1.5.1
References
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Wilco van Beijnum (ElaadNL)
Jeroen van der Ham-de Vos (DIVD)
