What is CVE-2026-32833?

CVE-2026-32833 is a high-severity vulnerability in Shenzhen Cudy Technology Co., Ltd. Lt300 3.0, classified under OS Command Injection. CVSS score: 8.8/10. Published 2026-06-26.

How severe is CVE-2026-32833?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Shenzhen Cudy Technology Co., Ltd. Lt300 3.0

CVE-2026-32833

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POS…

Vulnerability class: Command Injection (OS Command Injection)

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Shenzhen Cudy Technology Co., Ltd. Lt300 3.0 — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

disclosure@vulncheck.com (release-notes, patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-32833?: CVE-2026-32833 is a high-severity vulnerability in Shenzhen Cudy Technology Co., Ltd. Lt300 3.0, classified under OS Command Injection. CVSS score: 8.8/10. Published 2026-06-26.
How severe is CVE-2026-32833?: High severity. CVSS v3 base score is 8.8 out of 10.