Arbitrary Code Execution Vulnerability in Server Software by Cisco
CVE-2026-9645

9.9CRITICAL

Key Information:

Vendor: Scadabr
Status: Scadabr
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-9645?

An arbitrary code execution vulnerability exists in Cisco software due to exposed methods that enable authenticated users to create and implement arbitrary JavaScript code on the server. This flaw allows the scripts to run with full access, posing a significant risk as commands are executed with root privileges, potentially leading to complete system compromise. Effective measures should be taken to secure affected systems against potential exploitation.

Affected Version(s)

ScadaBR 1.2.0

References

https://www.tenable.com/security/research/tra-2026-46

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 26, 2026

Credit

Derrie Sutton with Tenable

CVE-2026-9645 Data

JSON

Scadabr

What is CVE-2026-9645?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit