Vulnerabilities ›

CVE-2026-8217

Medium

CWE-77 — Weakness Type

                    Published: May 10, 2026                      ·  Modified: May 11, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-8217 is an OS command injection vulnerability in IAS Canias ERP 8.03's RMI Interface that allows remote attackers to execute arbitrary commands by manipulating the troiaCode argument. The vulnerability has a CVSS score of 6.3 and public exploits are available.

📄 Description (Arabic)

يؤثر هذا الثغرة على برنامج IAS Canias ERP الإصدار 8.03 حيث يمكن للمهاجمين البعيدين تنفيذ أوامر نظام التشغيل التعسفية عبر معالجة معاملات troiaCode في مكون واجهة RMI. تم إطلاق استغلالات عامة للثغرة ولم يستجب البائع لمحاولات الإفصاح المبكرة.

🤖 ملخص تنفيذي (AI)

A command injection flaw exists in IAS Canias ERP 8.03 affecting the RMI Interface component, enabling remote code execution through troiaCode parameter manipulation. Public exploits are available and the vendor has not responded to disclosure attempts.

🤖 AI Intelligence Analysis Analyzed: May 18, 2026 23:28

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

manufacturing energy government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1021 T1570

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade IAS Canias ERP to a patched version beyond 8.03. Implement network segmentation to restrict RMI Interface access to trusted networks only. Deploy Web Application Firewall (WAF) rules to filter malicious troiaCode parameters. Monitor RMI Interface logs for suspicious activity and command execution patterns. Apply principle of least privilege to application service accounts.

🔧 خطوات المعالجة (العربية)

قم بترقية IAS Canias ERP إلى إصدار مصحح فوراً. طبق تقسيم الشبكة لتقييد الوصول إلى واجهة RMI للشبكات الموثوقة فقط. نشر قواعد جدار حماية تطبيقات الويب لتصفية معاملات troiaCode الضارة. راقب سجلات واجهة RMI للنشاط المريب وأنماط تنفيذ الأوامر. طبق مبدأ أقل صلاحية على حسابات خدمة التطبيق.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 6.1 7.2

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.AC-3 DE.CM-1

🟡 ISO 27001:2022

A.5.1.1 A.6.1.1 A.9.1.1 A.12.6.1

🔗 References & Sources 4

🔗

https://gist.github.com/0xb1lal/6ccc2356e7e0a26f7b8a6bd6f0d84bbb

cna@vuldb.com

🔗

https://vuldb.com/submit/808262

cna@vuldb.com

🔗

https://vuldb.com/vuln/362434

cna@vuldb.com

🔗

https://vuldb.com/vuln/362434/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-77

EPSS1.23%

Exploit No

Patch ✗ No

Published 2026-05-10

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-77

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-8217

Introduce Yourself

Sign In Required