CVE Alert

CVE-2026-57999

HIGH 8.8

luci-app-tailscale-community - Command Injection via tailscale.do_login RPC

CVSS Score: 8.8
EPSS Score: 0.0%
EPSS Percentile: 0th

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because the user-controlled loginserver and loginserver_authkey parameters are interpolated into a double-quoted shell command without proper quoting, so shell substitutions such as $() are evaluated by the outer shell before argument processing.

CWE: CWE-78
Vendor: openwrt
Product: luci
Published: Jun 29, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

openwrt / luci: 0 ≤ version ≤ 0.11.1

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/openwrt/luci/security/advisories/GHSA-xwc5-mx58-rh35
vulncheck.com: https://www.vulncheck.com/advisories/luci-app-tailscale-community-command-injection-via-tailscale-do-login-rpc

Credits

lujie (@lujiefsi)