OS Command Injection Vulnerability in Aterm by NEC
CVE-2026-8652

8.5HIGH

Key Information:

Vendor: Nec Platforms, Ltd.
Status: Aterm Mr51fn; Aterm Cm51fd
Vendor: CVE Published:; 25 May 2026

🔔 Create Nec Platforms, Ltd. Vulnerability Alert

What is CVE-2026-8652?

An OS Command Injection vulnerability has been identified in Aterm by NEC. When an attacker gains unauthorized administrator access to the web console, they can remotely execute arbitrary OS commands, compromising system integrity and security. This can be exploited through adjacent networks, enabling an intruder to manipulate system operations completely. It’s essential for users to review their security configurations and apply necessary updates to protect against potential exploits.

Affected Version(s)

Aterm CM51FD Before Ver. 1.2.0

Aterm MR51FN Before Ver. 3.4.0

References

https://jpn.nec.com/security-info/secinfo/nv26-003_en.html

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
May 15, 2026

Credit

Sou Katou of Mitsui & Co. Secure Direction, Inc.

CVE-2026-8652 Data

JSON