CVE-2026-8051: OS Cmd Injection in Ivanti Virtual Traffic Manager <22.9r4
CVE-2026-8051 Published on May 12, 2026

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

NVD

Vulnerability Analysis

CVE-2026-8051 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2026-8051 has been classified to as a Shell injection vulnerability or weakness.

Affected Versions

ivanti Virtual Traffic Manager Version 22.9r4 is unaffected by CVE-2026-8051

CVE-2026-8051: OS Cmd Injection in Ivanti Virtual Traffic Manager <22.9r4CVE-2026-8051 Published on May 12, 2026

Vulnerability Analysis

Weakness Type

What is a Shell injection Vulnerability?

Affected Versions

CVE-2026-8051: OS Cmd Injection in Ivanti Virtual Traffic Manager <22.9r4
CVE-2026-8051 Published on May 12, 2026