Command Injection Vulnerability in Honeywell Control Network Module
CVE-2026-5433
9.1 CRITICAL
What is CVE-2026-5433?
The Honeywell Control Network Module (CNM) contains a command injection vulnerability in its web interface. An attacker can execute arbitrary commands on the system by using command delimiters. Exploitation could result in remote code execution, posing significant risk to the integrity and confidentiality of affected systems. Users should apply the necessary patches to mitigate the threat.
Affected Version(s)
Control Network Module (CNM) CNM 100.1 <= 110.2
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Andreas Krämer, BASF Digital Solutions GmbH
Martin Floeck, BASF Digital Solutions GmbH
Stefan Stahl, BASF Digital Solutions GmbH
