CRITICAL
Opendcim
CVE published 2026-02-27
CVE-2026-28517
CVE-2026-28517 is a critical OS command injection issue in openDCIM's report_network_map.php. The affected code retrieves the dot configuration value from the database and passes it to exec() without validation or sanitization. If an attacker can change fac_Config.dot, they may execute arbitrary commands in the context of the web server process.