CVE 9.1 CRITICAL

Improper Sanitization in CNM Web Interface_CVE-2026-5433

May 21, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

Honeywell Control
Network Module (CNM) contains command injection vulnerability
in the web interface. An attacker could exploit this vulnerability via command
delimiters, potentially resulting in Remote Code Execution (RCE).

AI Analysis

Command injection vulnerability in the web interface of Honeywell Control Network Module (CNM), potentially resulting in Remote Code Execution (RCE).

Basic Information

ID CVE-2026-5433

Source Honeywell

Published May 21, 2026 at 08:35

Affected Product

Vendor Honeywell International Inc.

Product Control Network Module (CNM)

Version 100.1

Affected Versions Honeywell International Inc. Control Network Module (CNM) 100.1

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Honeywell International Inc.

Product Control Network Module (CNM)

Version 100.1

References

process.honeywell.com /

{
    "lastseen": "",
    "description": "Honeywell Control\nNetwork Module (CNM)\u00a0contains command injection vulnerability\nin the web interface. An attacker could exploit this vulnerability via command\ndelimiters, potentially resulting in Remote Code Execution (RCE).",
    "published": "2026-05-21T08:35:31.438Z",
    "modified": "2026-05-21T08:35:31.438Z",
    "type": "cve",
    "title": "Improper Sanitization in CNM Web Interface",
    "source": "Honeywell",
    "references": "https://process.honeywell.com/",
    "id": "CVE-2026-5433",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Honeywell International Inc. Control Network Module (CNM) 100.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Control Network Module (CNM)",
    "version": "100.1",
    "vendor": "Honeywell International Inc.",
    "ai_description": "Command injection vulnerability in the web interface of Honeywell Control Network Module (CNM), potentially resulting in Remote Code Execution (RCE).",
    "ai_severity": "Critical",
    "ai_vendor": "Honeywell International Inc.",
    "ai_product": "Control Network Module (CNM)",
    "ai_version": "100.1",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply