CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-32833

highCVSS 8.8covered by 1 sourcefirst seen 2026-06-26
Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system.

⚡ Watch CVE-2026-32833

Get an email if CVE-2026-32833 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-32833

CVE.org record

Embed the live status

CVE-2026-32833 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-32833 status](https://www.csirts.com/badge/CVE-2026-32833)](https://www.csirts.com/cve/CVE-2026-32833)