CVE 9.3 CRITICAL

SECCN Dingcheng G10 session_login.cgi qq os command injection_CVE-2026-2686

February 18, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

OS command injection vulnerability in SECCN Dingcheng G10 session_login.cgi qq function

Basic Information

ID CVE-2026-2686

Source VulDB

Published Feb 19, 2026 at 00:02

Affected Product

Vendor SECCN Dingcheng

Product G10

Version 3.1.0.181203

Affected Versions SECCN Dingcheng G10 3.1.0.181203

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SECCN Dingcheng

Product G10

Version 3.1.0.181203

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2026-02-19T00:02:07.214Z",
    "modified": "2026-02-19T00:02:07.214Z",
    "type": "cve",
    "title": "SECCN Dingcheng G10 session_login.cgi qq os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346488\nhttps://vuldb.com/?ctiid.346488\nhttps://vuldb.com/?submit.754200\nhttps://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md\nhttps://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md#2-vulnerability-reproduction-proof-of-concept",
    "id": "CVE-2026-2686",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "SECCN Dingcheng G10 3.1.0.181203",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "G10",
    "version": "3.1.0.181203",
    "vendor": "SECCN Dingcheng",
    "ai_description": "OS command injection vulnerability in SECCN Dingcheng G10 session_login.cgi qq function",
    "ai_severity": "Critical",
    "ai_vendor": "SECCN Dingcheng",
    "ai_product": "G10",
    "ai_version": "3.1.0.181203",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply