๐Ÿ” CVE Alert

CVE-2026-58459

HIGH 7.8

gpsd gpsprof Command Injection via gnuplot plot title subtype field

CVSS Score
7.8
EPSS Score
1.8%
EPSS Percentile
76th

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The subtype field sourced from a DEVICES JSON log entry or NMEA PGRMT sentence is written into a generated gnuplot program via a set title statement with only double-quote characters escaped, enabling arbitrary shell command execution as the user running gnuplot when the victim renders the generated plot through the gpsprof and gnuplot workflow.

CWE CWE-78
Vendor ntpsec
Product gpsd
Published Jul 9, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for ntpsec gpsd

Be the first to know when new high vulnerabilities affecting ntpsec gpsd are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

ntpsec / gpsd
0 โ‰ค 3.27.5 0 โ‰ค 4c06658e988f4ced1a7a574ce082a22ef625df56

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
gitlab.com: https://gitlab.com/gpsd/gpsd/-/work_items/404#note_3534119267 github.com: https://github.com/ntpsec/gpsd/commit/5581ba196d826a984fbfaf792b7d58535f9911ce github.com: https://github.com/ntpsec/gpsd/commit/1a6bb7bcbdf58aa940132e630870af061dc88537 github.com: https://github.com/ntpsec/gpsd/commit/4c06658e988f4ced1a7a574ce082a22ef625df56 vulncheck.com: https://www.vulncheck.com/advisories/gpsd-gpsprof-command-injection-via-gnuplot-plot-title-subtype-field

Credits

CuB3y0nd VulnCheck