HGiga｜iSherlock – OS Command Injection_CVE-2026-6349

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

AI Analysis

OS Command Injection vulnerability in iSherlock, allowing unauthenticated local attackers to inject and execute arbitrary OS commands

Basic Information

ID CVE-2026-6349

Source twcert

Published Apr 16, 2026 at 02:24

Modified Apr 16, 2026 at 02:25

Affected Product

Vendor HGiga

Product iSherlock-base-4.5

Affected Versions HGiga iSherlock-base-4.5 0
HGiga iSherlock-audit-4.5 0
HGiga iSherlock-base-5.5 0
HGiga iSherlock-audit-5.5 0

CWE Classification

CWE-78

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor HGiga

Product iSherlock

Version 4.5, 5.5

References

{
    "lastseen": "",
    "description": "The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.",
    "published": "2026-04-16T02:24:45.258Z",
    "modified": "2026-04-16T02:25:04.710Z",
    "type": "cve",
    "title": "HGiga\uff5ciSherlock - OS Command Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10842-3f255-1.html\nhttps://www.twcert.org.tw/en/cp-139-10841-4f504-2.html",
    "id": "CVE-2026-6349",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "HGiga iSherlock-base-4.5 0\nHGiga iSherlock-audit-4.5 0\nHGiga iSherlock-base-5.5 0\nHGiga iSherlock-audit-5.5 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iSherlock-base-4.5",
    "version": "0",
    "vendor": "HGiga",
    "ai_description": "OS Command Injection vulnerability in iSherlock, allowing unauthenticated local attackers to inject and execute arbitrary OS commands",
    "ai_severity": "Critical",
    "ai_vendor": "HGiga",
    "ai_product": "iSherlock",
    "ai_version": "4.5, 5.5",
    "ai_score": 10
}