A CRITICAL-severity vulnerability identified as CVE-2026-3587 has been published on March 23, 2026 with a CVSS base score of 10.0. This security advisory provides a detailed breakdown of the vulnerability, its potential impact, weakness classification, and actionable steps to protect your systems.
Vulnerability Details
CVE ID: CVE-2026-3587
Severity: CRITICAL
CVSS Score: 10.0
Published: March 23, 2026
Weakness (CWE): CWE-912
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
Technical Description
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.
Potential Impact
If exploited, this critical-severity vulnerability could allow an attacker to compromise sensitive data confidentiality, tamper with system integrity, cause a denial of service. Organizations running affected software should treat this as a priority remediation item.
Recommended Action
No official patch is available yet. Until one is released:
- Monitor the official NVD page and vendor channels for patch announcements.
- Restrict access to the affected system or service where possible.
- Apply network-level mitigations such as firewall rules or WAF policies.
- Enable logging and alerting for anomalous activity related to this vulnerability.
- Review your incident response plan in case of active exploitation.
References
Related Security Advisories
- [CRITICAL] CVE-2026-33057 — CVSS 9.8 (March 20, 2026) — CRITICAL / CVSS 9.8
- [CRITICAL] CVE-2026-4312 — CVSS 9.8 (March 17, 2026) — CRITICAL / CVSS 9.8
- [CRITICAL] CVE-2025-11158 — CVSS 9.1 (March 10, 2026) — CRITICAL / CVSS 9.1
![[HIGH] CVE-2026-0234 — CVSS 7.2 (April 13, 2026)](https://atlas-cybersecurity.com/wp-content/plugins/elementor/assets/images/placeholder.png)
