CVE-2026-11408
vertex-app vertex Log Viewer Endpoint LogMod.js os command injection
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The name of the patch is 805d82e7100d49b79b3beb1b9420e8e458987198. It is best practice to apply a patch to resolve this issue.
| CWE | CWE-78 CWE-77 |
| Vendor | vertex-app |
| Product | vertex |
| Published | Jun 6, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for vertex-app vertex
Be the first to know when new medium vulnerabilities affecting vertex-app vertex are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
vertex-app / vertex
2026.02.0 2026.02.1 2026.02.2 2026.02.3 2026.02.4 2026.02.5 2026.02.6 2026.02.7 2026.02.8 2026.02.9 2026.02.10 2026.02.11 2026.02.12
References
vuldb.com: https://vuldb.com/vuln/368967 vuldb.com: https://vuldb.com/vuln/368967/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11408 vuldb.com: https://vuldb.com/submit/818442 gist.github.com: https://gist.github.com/menelausx/e632faba4014474fcef6a1f541ca3e4e drive.google.com: https://drive.google.com/drive/folders/1DO-kB1eUoB1CksJ_ZKzpUaX0kp5Rgm_T?usp=sharing github.com: https://github.com/vertex-app/vertex/commit/805d82e7100d49b79b3beb1b9420e8e458987198 github.com: https://github.com/vertex-app/vertex/
Credits
๐ JasperX (VulDB User)