PatchSiren cyber security CVE debrief
CVE-2026-3120 Profelis Information and Consulting Trade and Industry Limited Company CVE debrief
CVE-2026-3120 is an Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company's SambaBox, which allows for OS Command Injection. This issue affects SambaBox versions from 5.1 before 5.3. The vulnerability has a CVSS score of 7.2 and is classified as HIGH severity.
- Vendor
- Profelis Information and Consulting Trade and Industry Limited Company
- Product
- SambaBox
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-04
- Original CVE updated
- 2026-06-06
- Advisory published
- 2026-05-04
- Advisory updated
- 2026-06-06
Who should care
Users of SambaBox versions from 5.1 before 5.3 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by improper control of generation of code, which allows for code injection and OS command injection. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
HIGH
Recommended defensive actions
- Update SambaBox to version 5.3 or later.
- Refer to [ref-4](https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0155) and [ref-5](https://www.usom.gov.tr/bildirim/tr-26-0155) for additional information.
Evidence notes
The CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-3120) and NVD detail [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-3120) provide additional information about this vulnerability.
Official resources
CVE-2026-3120 was published on 2026-05-04T12:16:29.393Z and modified on 2026-06-06T08:16:53.577Z.