CVE-2026-15545

Summary

A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly available and might be used. This project is superseded by FreshTomato.

Affected Software

VendorProductVersion RangeStatus
ShibbyTomato1.0affected
ShibbyTomato1.1affected
ShibbyTomato1.2affected
ShibbyTomato1.3affected
ShibbyTomato1.4affected
ShibbyTomato1.5affected
ShibbyTomato1.6affected
ShibbyTomato1.7affected
ShibbyTomato1.8affected
ShibbyTomato1.9affected
ShibbyTomato1.10affected
ShibbyTomato1.11affected
ShibbyTomato1.12affected
ShibbyTomato1.13affected
ShibbyTomato1.14affected
ShibbyTomato1.15affected
ShibbyTomato1.16affected
ShibbyTomato1.17affected
ShibbyTomato1.18affected
ShibbyTomato1.19affected
ShibbyTomato1.20affected
ShibbyTomato1.21affected
ShibbyTomato1.22affected
ShibbyTomato1.23affected
ShibbyTomato1.24affected
ShibbyTomato1.25affected
ShibbyTomato1.26affected
ShibbyTomato1.27affected
ShibbyTomato1.28.0000affected

Weaknesses

  • CWE-787: Out-of-bounds Write
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References