What is CVE-2026-3828?

CVE-2026-3828 is a high-severity vulnerability in Hikvision Ds-3e1310p-si, classified under OS Command Injection. CVSS score: 7.2/10. Published 2026-05-09.

How severe is CVE-2026-3828?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Hikvision Ds-3e1310p-si

CVE-2026-3828

Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted pack…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (15.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hikvision Ds-3e1310p-si — versions Versions below V1.2.4_210623 (including V1.2.4_210623)
Hikvision Ds-3e1318p-si — versions Versions below V1.2.0_210823 (including V1.2.0_210823)
Hikvision Ds-3e1326p-si — versions Versions below V1.2.0_210823 (including V1.2.0_210823)

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

hsrc@hikvision.com

Frequently asked questions

What is CVE-2026-3828?: CVE-2026-3828 is a high-severity vulnerability in Hikvision Ds-3e1310p-si, classified under OS Command Injection. CVSS score: 7.2/10. Published 2026-05-09.
How severe is CVE-2026-3828?: High severity. CVSS v3 base score is 7.2 out of 10.