1. Home
  2. CVE Database
  3. CVE-2026-23920
NONE · 0

CVE-2026-23920

Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected ne...

Vulnerability Description

Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands.

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2026-23920?

CVE-2026-23920 is a documented vulnerability. Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected ne...

How severe is CVE-2026-23920?

CVSS scoring is not yet available for CVE-2026-23920. Check NVD for updates.

Is there a patch for CVE-2026-23920?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.