CNNVD-202602-055 Information

CNNVD ID

CNNVD-202602-055

Related CVE

CVE-2026-23515

• CNNVD Published: 2026-02-02

Description (Chinese)

Signal K Server是Signal K开源的一个船用中央服务器。 Signal K Server 1.5.0之前版本存在操作系统命令注入漏洞，该漏洞源于处理navigation.datetime值时shell命令构造不安全，可能导致命令注入。

Description (English)

Signal K Server is a central shipping server for Signal K Open Source. There was a loophole in the operating system command from the previous version of Signal K Server 1.5.0, which resulted from the unsafe construction of the shell command at the time of handling the navigation.datetime, which could lead to the injection of the order.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

Signal K

Published

2026-02-02

Last Modified

2026-02-24

References

https://github.com/SignalK/signalk-server/security/advisories/GHSA-p8gp-2w28-mhwg https://github.com/SignalK/set-system-time/commit/75b11eae2de528bf89ede3fb1f7ed057ddbb4d24 https://access.redhat.com/security/cve/cve-2026-23515

Patch

https://signalk.org/