CVE-2026-1185 - Vulnerability Details - OpenCVE

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Axis Communications Ab	Axis Os

No data.

No data.

References

Link	Providers
https://www.axis.com/dam/public/69/df/8d/cve-2026-1185pdf-en-US-530733.pdf

History

Tue, 12 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 12 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 12 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Title		Improper Input Validation in Configuration File Allows Code Execution on Axis OS
First Time appeared		Axis Communications Ab Axis Communications Ab axis Os
Vendors & Products		Axis Communications Ab Axis Communications Ab axis Os

Tue, 12 May 2026 06:30:00 +0000

Type	Values Removed	Values Added
Description		A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.
Weaknesses		CWE-732
References		https://www.axis.com/dam/public/69/df/8d/cve-2026-1185pdf-en-US-530733.pdf
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Axis

Published: 2026-05-12T05:49:46.712Z

Updated: 2026-05-13T03:57:48.852Z

Reserved: 2026-01-19T13:10:24.354Z

Link: CVE-2026-1185

Vulnrichment

Updated: 2026-05-12T13:05:15.710Z

NVD

Status : Awaiting Analysis

Published: 2026-05-12T07:16:09.720

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-1185

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1185", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "state": "PUBLISHED", "assignerShortName": "Axis", "dateReserved": "2026-01-19T13:10:24.354Z", "datePublished": "2026-05-12T05:49:46.712Z", "dateUpdated": "2026-05-13T03:57:48.852Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2026-05-12T05:49:46.712Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "type": "CWE"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS OS", "versions": [{"status": "affected", "version": "12.0.0", "lessThan": "12.10.36", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can\u00a0log in to the Axis device using SSH.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH."}]}], "references": [{"url": "https://www.axis.com/dam/public/69/df/8d/cve-2026-1185pdf-en-US-530733.pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}}], "credits": [{"lang": "en", "value": "Cookiejack15", "type": "finder"}], "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-12T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-1185"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T03:57:48.852Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1185", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-12T13:50:18.620628Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-12T13:05:15.710Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Cookiejack15"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS OS", "versions": [{"status": "affected", "version": "12.0.0", "lessThan": "12.10.36", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.axis.com/dam/public/69/df/8d/cve-2026-1185pdf-en-US-530733.pdf"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can\u00a0log in to the Axis device using SSH.", "supportingMedia": [{"type": "text/html", "value": "A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2026-05-12T05:49:46.712Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1185", "state": "PUBLISHED", "dateUpdated": "2026-05-13T03:57:48.852Z", "dateReserved": "2026-01-19T13:10:24.354Z", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "datePublished": "2026-05-12T05:49:46.712Z", "assignerShortName": "Axis"}, "dataVersion": "5.2"}