RCE in Profelis Informatics’ SambaBox_CVE-2026-3120

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.

This issue affects SambaBox: from 5.1 before 5.3.

Basic Information

ID CVE-2026-3120

Source TR-CERT

Published May 4, 2026 at 11:53

Modified May 4, 2026 at 12:42

Affected Product

Vendor Profelis Information and Consulting Trade and Industry Limited Company

Product SambaBox

Version 5.1

Affected Versions Profelis Information and Consulting Trade and Industry Limited Company SambaBox 5.1

CWE Classification

CWE-94

References

www.usom.gov.tr /bildirim/tr-26-0155

{
    "lastseen": "",
    "description": "Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.\n\nThis issue affects SambaBox: from 5.1 before 5.3.",
    "published": "2026-05-04T11:53:27.437Z",
    "modified": "2026-05-04T12:42:30.558Z",
    "type": "cve",
    "title": "RCE in Profelis Informatics' SambaBox",
    "source": "TR-CERT",
    "references": "https://www.usom.gov.tr/bildirim/tr-26-0155",
    "id": "CVE-2026-3120",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Profelis Information and Consulting Trade and Industry Limited Company SambaBox 5.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SambaBox",
    "version": "5.1",
    "vendor": "Profelis Information and Consulting Trade and Industry Limited Company",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}