top of page
perceptive_background_267k.jpg

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sy…

Published:

15 maart 2026 om 23:00:00

Alert date:

16 maart 2026 om 16:21:26

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Web Technologies, Zero-Day Vulnerabilities

CVE-2026-4170 identifies a critical OS command injection vulnerability in Topsec TopACM 3.0. The vulnerability affects the HTTP Request Handler component, specifically the file /view/systemConfig/management/nmc_sync.php. Attackers can manipulate the template_path argument to execute arbitrary OS commands remotely. The exploit has been publicly disclosed and is available for potential attacks. The vendor was contacted about the disclosure but has not responded to the security researchers.

Technical details

Mitigation steps:

Affected products:

Topsec TopACM 3.0

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-4170
https://my.feishu.cn/docx/EAFFdhzoeodDxfxeazNcxBzCnRf?from=from_copylink
https://vuldb.com/?ctiid.351077
https://vuldb.com/?id.351077
https://vuldb.com/?submit.769768

Related CVE's:

Related threat actors:

IOC's:

/view/systemConfig/management/nmc_sync.php

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page