A medium-severity vulnerability in Axis OS allows authenticated attackers with SSH access to achieve code execution and potential privilege escalation through improper input validation on a local configuration file. The vulnerability affects Axis OS versions from 12.0.0 up to but not including 12.10.37. Exploitation requires an attacker to first obtain valid SSH credentials to the target device, limiting [truncated]
MEDIUM | Axis Communications AB | CVE published 2026-05-12
A path traversal vulnerability in Axis OS ACAP configuration file handling could allow privilege escalation when unsigned ACAP application installation is enabled. The vulnerability requires both administrative misconfiguration (allowing unsigned apps) and social engineering to install a malicious application. Axis has released patched firmware in version 12.10.4.
MEDIUM | Axis Communications AB | CVE published 2026-05-12
An ACAP configuration file in Axis OS lacked sufficient input validation, enabling command injection and potential privilege escalation. Exploitation requires the device to permit unsigned ACAP application installation and user installation of a malicious application.
MEDIUM | Axis Communications AB | CVE published 2026-05-12
ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.