CRITICAL
HGiga
CVE published 2026-04-16
CVE-2026-6349
A critical OS command injection vulnerability in HGiga iSherlock allows unauthenticated local attackers to execute arbitrary commands on affected servers. The vulnerability, rated CVSS 9.3 (Critical), was disclosed by Taiwan's TW-CERT in April 2026 and remains in 'Deferred' status in NVD as of May 2026. The weakness stems from improper neutralization of special elements used in OS commands (CWE-78). Organ [truncated]