What is CVE-2026-4170?

CVE-2026-4170 is a critical-severity vulnerability in Topsec Topacm, classified under OS Command Injection. CVSS score: 9.8/10. Published 2026-03-15.

How severe is CVE-2026-4170?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Topsec Topacm

CVE-2026-4170

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the a…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (44.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R.

Affected products

Topsec Topacm — versions 3.0

Weakness classification (CWE)

References

VDB-351077 | Topsec TopACM HTTP Request nmc_sync.php os command injection (vdb-entry, technical-description)
VDB-351077 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #769768 | Topsec Technologies Inc. TopACM V3.0 OS Command Injection (third-party-advisory)
my.feishu.cn/docx/EAFFdhzoeodDxfxeazNcxBzCnRf (exploit)

Frequently asked questions

What is CVE-2026-4170?: CVE-2026-4170 is a critical-severity vulnerability in Topsec Topacm, classified under OS Command Injection. CVSS score: 9.8/10. Published 2026-03-15.
How severe is CVE-2026-4170?: Critical severity. CVSS v3 base score is 9.8 out of 10.