CVE-2026-32297

HIGH 7.5

Angeet ES3 KVM unauthenticated arbitrary file write

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.

CWE	CWE-306
Vendor	angeet
Product	es3 kvm
Published	Mar 17, 2026
Last Updated	Mar 17, 2026

Stay Ahead of the Next One

Get instant alerts for angeet es3 kvm

Be the first to know when new high vulnerabilities affecting angeet es3 kvm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

ANGEET / ES3 KVM

0 < *

References

NVD ↗ CVE.org ↗ EPSS Data ↗

eclypsium.com: https://eclypsium.com/blog/kvm-devices-the-keys-to-your-kingdom-are-hanging-on-the-network/ cve.org: https://www.cve.org/CVERecord?id=CVE-2026-32297 raw.githubusercontent.com: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json

Credits

Reynaldo Vasquez Garcia, Eclypsium