Code Execution Vulnerability in Oinone Pamirs 7.0.0
CVE-2026-39052

6.5MEDIUM

Key Information:

Vendor: Oinone
Status: Pamirs
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-39052?

Oinone Pamirs 7.0.0 contains a vulnerability that allows for code execution through its ScriptRunner component. This flaw arises when the ScriptRunner.run method accepts and evaluates attacker-controlled script expressions without adequate sandboxing or an allowlist. As a result, malicious scripts could be executed within the application context, posing significant security risks. It is crucial for users of this product to assess their systems for this vulnerability and implement necessary patches or mitigations as soon as they are available.

References

https://www.oinone.top/changelog

https://github.com/oinone/oinone-pamirs

https://gist.github.com/Misakim1/859c3eb9ced699089ee0747d...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-39052 Data

JSON