CVE-2026-22313 is a critical OS command injection vulnerability in a device's webserver that exposes a REST API authenticated with a token on the management network. An authenticated attacker can exploit this vulnerability to send arbitrary commands to the device, which are executed with administrative permissions by the underlying operating system. The vulnerability has a CVSS score of 9.1 and is conside [truncated]
CVE-2026-22312 is a high-severity vulnerability with a CVSS score of 8.6. The device has a webserver that exposes a REST API authenticated with a constant token. An attacker can use an unauthenticated API to access system settings, modify the configuration, and execute some commands (e.g., system reboot).