MidnightBSD

Advisories for angeet

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
angeet es3_kvm_firmware -
CVE-2026-32298

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
angeet es3_kvm_firmware -