RCE in Brocade Fabric Os

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (1.5th percentile) — read the EPSS interpretation.

Affected products

Brocade Fabric Os — versions before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/Se…