CVE-2026-27208 - Vulnerability Analysis
CriticalCVSS: 9.2Last Updated: February 24, 2026
bleon-ethical api-gateway-deploy - OS Command Injection & Privilege Escalation
Overview
bleon-ethical api-gateway-deploy 1.0.0 contains an OS command injection caused by improper input sanitization in entrypoint.sh, letting attackers execute arbitrary commands with root privileges, exploit requires crafted input.
Severity & Score
Impact
Attackers can execute commands as root, potentially escaping the container and modifying infrastructure unauthorizedly.
Mitigation
Update to version 1.0.1 or later.
References
Social Media Activity(2 posts)
š“ CVE-2026-27208 - Critical (9.2) bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges wi... š https://www.thehackerwire.com/vulnerability/CVE-2026-27208/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-27208 - Critical (9.2) bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges wi... š https://www.thehackerwire.com/vulnerability/CVE-2026-27208/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-27208
- Severity
- Critical
- CVSS Score
- 9.2
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H