OS Command Injection and Privilege Escalation Vulnerability in bleon-ethical API Gateway Deployment
CVE-2026-27208

9.2CRITICAL

Key Information:

Vendor: Bleon-ethical
Status: Api-gateway-deploy
Vendor: CVE Published:; 24 February 2026

🔔 Create Bleon-ethical Vulnerability Alert

What is CVE-2026-27208?

The bleon-ethical API Gateway Deployment version 1.0.0 is susceptible to a series of attacks involving OS Command Injection and Privilege Escalation. This vulnerability enables attackers to execute arbitrary commands with root privileges within the container environment. As a result, this could potentially facilitate unauthorized access to infrastructure and modifications. However, version 1.0.1 addresses these concerns by integrating rigorous input sanitization measures, enforcing non-root user permissions in its Dockerfile, and putting in place stringent security quality gates to mitigate future risks.

Affected Version(s)

api-gateway-deploy = 1.0.0

References

https://github.com/bleon-ethical/api-gateway-deploy/secur...

x_refsource_CONFIRM

https://github.com/bleon-ethical/api-gateway-deploy/relea...

x_refsource_MISC

CVSS V3.1

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2026
Vulnerability Reserved
Feb 18, 2026

CVE-2026-27208 Data

JSON