PatchSiren cyber security CVE debrief
CVE-2026-8914 Teltonika Networks CVE debrief
A high-severity command injection vulnerability exists in Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2, and TSWOS devices, running versions 1.09 through 1.09.1. The vulnerability is caused by unsafe calls to an eval function in rpc-profile, allowing a lower privileged user to perform command injection as the root user. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.4, indicating a high severity. The CVE was published on 2026-06-05T11:16:37.043Z and last modified on 2026-06-05T14:59:51.620Z.
- Vendor
- Teltonika Networks
- Product
- RUTOS
- CVSS
- HIGH 8.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Administrators and users of Teltonika Networks RUTOS and TSWOS devices should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability exists due to unsafe calls to an eval function in rpc-profile, allowing a lower privileged user to perform command injection as the root user.
Defensive priority
High
Recommended defensive actions
- Update to a patched version of RUTOS and TSWOS as soon as possible.
- Restrict access to the rpc-profile function to only authorized users.
- Monitor system logs for suspicious activity.
Evidence notes
The CVE record and NVD detail pages provide evidence of the vulnerability and its severity.
Official resources
-
CVE-2026-8914 CVE record
CVE.org
-
CVE-2026-8914 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
001d69cf-3fc9-4203-93fb-9865b54e05b2
CVE-2026-8914 was published on 2026-06-05T11:16:37.043Z and last modified on 2026-06-05T14:59:51.620Z.