216.73.217.22

CVE-2026-45777

· Published 05/06/2026 20:17 · Modified 05/06/2026 20:48

Labels: CVE-2026-45777 2026-06-05CVE-2026-45777CWE-78[email protected]

Essential information

Published
05/06/2026 20:17
Modified
05/06/2026 20:48
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openxdmod / openxdmod cpe:2.3:a:openxdmod:openxdmod:9.5.0-11.0.2:*:*:*:*:*:*:*
openxdmod / openxdmod cpe:2.3:a:openxdmod:openxdmod:11.0.3:*:*:*:*:*:*:*

References