What is CVE-2026-9645?

CVE-2026-9645 is a critical-severity vulnerability in Scadabr, classified under OS Command Injection. CVSS score: 9.9/10. Published 2026-05-28.

How severe is CVE-2026-9645?

Critical severity. CVSS v3 base score is 9.9 out of 10.

RCE in Scadabr

CVE-2026-9645

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (16.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Scadabr — versions 1.2.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

vulnreport@tenable.com

Frequently asked questions

What is CVE-2026-9645?: CVE-2026-9645 is a critical-severity vulnerability in Scadabr, classified under OS Command Injection. CVSS score: 9.9/10. Published 2026-05-28.
How severe is CVE-2026-9645?: Critical severity. CVSS v3 base score is 9.9 out of 10.