PatchSiren cyber security CVE debrief
CVE-2026-11845 IEI Integration Corp CVE debrief
CVE-2026-11845 is an OS Command Injection vulnerability in the iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp. This vulnerability allows privileged remote attackers to inject arbitrary OS commands and execute them on the device. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity.
- Vendor
- IEI Integration Corp
- Product
- iVEC TANK-XM811
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of the iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by an OS Command Injection weakness, which is identified as CWE-78. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the device to only trusted users and networks.
- Monitor the device for suspicious activity and implement additional security measures as needed.
Evidence notes
The CVE record and NVD detail can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11845) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11845) respectively. Additional information can be found at [ref-4](https://www.twcert.org.tw/en/cp-139-10970-e4b21-2.html) and [ref-5](https://www.twcert.org.tw/tw/cp-132-10969-4c4e2-1.html).
Official resources
CVE-2026-11845 was published on 2026-06-12T10:16:21.617Z and modified on 2026-06-12T16:00:18.860Z.