CVE-2026-3014
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Serv
CVSS
9.1
Crítico
EPSS
0.6%
p47
KEV
—
Exploit Today
14
0-100
Publicado: 14 jul 2026 · Última mod.: 16 jul 2026 · CWE-78
0.6%EPSS · 30 días0.6%
2026-07-142026-07-17
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service.
- doc.milestonesys.comhttps://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/milestone_security_advisory_CVE-2026-3014_potential_remote_code_execution_by_admin_user_on_Management_Server.html
- support.milestonesys.comhttps://support.milestonesys.com/article/CVE-2026-3014-potential-remote-code-execution-by-admin-user-on-Management-Server
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2024-121210.0 CRÍ99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability4dCVE-2026-398089.8 CRÍ99.7%
KEV—80Fortinet FortiSandbox OS Command Injection Vulnerability19hCVE-2022-262589.8 CRÍ99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability8dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2021-252988.8 ALT99.5%
KEV—80Nagios XI OS Command Injection8d