PatchSiren cyber security CVE debrief
CVE-2026-22313 Radiflow CVE debrief
CVE-2026-22313 is a critical OS command injection vulnerability in a device's webserver that exposes a REST API authenticated with a token on the management network. An authenticated attacker can exploit this vulnerability to send arbitrary commands to the device, which are executed with administrative permissions by the underlying operating system. The vulnerability has a CVSS score of 9.1 and is considered critical.
- Vendor
- Radiflow
- Product
- iSAP Smart Collector
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Administrators and users of the affected device should be aware of this vulnerability and take immediate action to mitigate it.
Technical summary
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability, an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates as soon as they are available.
- Restrict access to the management network.
- Monitor device logs for suspicious activity.
Evidence notes
The CVE record was obtained from the official CVE website [cve-org]. Additional information was obtained from the National Vulnerability Database [nvd].
Official resources
-
CVE-2026-22313 CVE record
CVE.org
-
CVE-2026-22313 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
CVE-2026-22313 was published on 2026-06-16T20:16:28.710Z and modified on 2026-06-16T20:47:43.440Z.