Code Injection Vulnerability in SambaBox by Profelis Information and Consulting Trade and Industry Limited
CVE-2026-3120

7.2HIGH

Key Information:

Vendor: Profelis Information And Consulting Trade And Industry Limited Company
Status: Sambabox
Vendor: CVE Published:; 4 May 2026

🔔 Create Profelis Information And Consulting Trade And Industry Limited Company Vulnerability Alert

What is CVE-2026-3120?

A code injection vulnerability has been identified in SambaBox provided by Profelis Information and Consulting Trade and Industry Limited. This flaw allows malicious users to execute arbitrary operating system commands due to improper control over the generation of code within the application. The affected versions of SambaBox range from 5.1 up to, but not including, 5.3. Organizations using this software should take immediate action to secure their systems against potential exploitation.

Affected Version(s)

SambaBox 5.1 < 5.3

References

https://www.usom.gov.tr/bildirim/tr-26-0155

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
Feb 24, 2026

Credit

Kayra BÜYÜKLÜ

CVE-2026-3120 Data

JSON