CVE-2026-8914

Summary

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user.

Affected Software

VendorProductVersion RangeStatus
Teltonika NetworksRUTOS7.22 <= 7.23.2affected
Teltonika NetworksTSWOS1.09 <= 1.09.1affected

Weaknesses

  • CWE-95: CWE-95 Improper neutralization of directives in dynamically evaluated code ('eval injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References