CVE-2026-1185
Summary
| CVE | CVE-2026-1185 |
|---|---|
| State | PUBLISHED |
| Assigner | Axis |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-12 07:16:09 UTC |
| Updated | 2026-05-12 07:16:09 UTC |
| Description | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH. |
Risk And Classification
Primary CVSS: v3.1 5.4 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Problem Types: CWE-732: Incorrect Permission Assignment for Critical Resource
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
| 3.1 | CNA | CVSS | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | Low |
| Availability | Low |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Axis Communications AB | AXIS OS | affected 12.0.0 12.10.36 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.axis.com/dam/public/69/df/8d/cve-2026-1185pdf-en-US-530733.pdf | [email protected] | www.axis.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Cookiejack15 (en)
There are currently no legacy QID mappings associated with this CVE.