Supermicro BMC’s SMTP service contains a command injection vulnerability

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR.
An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.

Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.

Basic Information

ID CVE-2026-3820

Source Supermicro

Published Jun 4, 2026 at 08:07

Affected Product

Vendor SMCI

Product AS-2115HS-TNR

Version 01.08.01

Affected Versions SMCI AS-2115HS-TNR 01.08.01
SMCI AS-2115HS-TNR 01.06.04

CWE Classification

CWE-78

References

www.supermicro.com /en/support/security_BMC_IPMI_Jun_2026

{
    "lastseen": "",
    "description": "There is a vulnerability in the Supermicro BMC  SMTP service at Supermicro AS-2115HS-TNR.\u00a0\nAn attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.\n\nPotential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.",
    "published": "2026-06-04T08:07:57.608Z",
    "modified": "2026-06-04T08:07:57.608Z",
    "type": "cve",
    "title": "Supermicro BMC's SMTP service contains a command injection vulnerability",
    "source": "Supermicro",
    "references": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jun_2026",
    "id": "CVE-2026-3820",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "SMCI AS-2115HS-TNR 01.08.01\nSMCI AS-2115HS-TNR 01.06.04",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AS-2115HS-TNR",
    "version": "01.08.01",
    "vendor": "SMCI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Supermicro BMC’s SMTP service contains a command injection vulnerability_CVE-2026-3820