PatchSiren cyber security CVE debrief
CVE-2026-53694 NoMachine CVE debrief
CVE-2026-53694 is an Improper Neutralization of Argument Delimiters in a Command (Argument Injection) vulnerability affecting Nomachine versions before 9.5.7 and 8.23.2. The vulnerability has a CVSS score of 7.3 and is rated HIGH. It was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-53694) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-53694).
- Vendor
- NoMachine
- Product
- Unknown
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Users of Nomachine versions before 9.5.7 and 8.23.2 should apply patches to mitigate this vulnerability.
Technical summary
The vulnerability is caused by improper neutralization of argument delimiters in a command, allowing for argument injection. This issue affects Nomachine versions before 9.5.7 and 8.23.2.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches for Nomachine versions before 9.5.7 and 8.23.2.
- Refer to [ref-4](https://kb.nomachine.com/SU05X00274) and [ref-5](https://kb.nomachine.com/SU05X00275) for more information.
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide additional information on this vulnerability.
Official resources
-
CVE-2026-53694 CVE record
CVE.org
-
CVE-2026-53694 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
5a6e4751-2f3f-4070-9419-94fb35b644e8
-
Source reference
5a6e4751-2f3f-4070-9419-94fb35b644e8
CVE-2026-53694 was published on 2026-06-10T16:17:17.093Z and last modified on 2026-06-10T20:11:16.543Z.