Command Injection Affecting linuxfabrik-lib package, versions [,5.0.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Command Injection vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PYTHON-LINUXFABRIKLIB-17872183
  • published6 Jul 2026
  • disclosed6 Jul 2026
  • creditUnknown

Introduced: 6 Jul 2026

NewCVE-2026-55426  (opens in a new tab)
CWE-78  (opens in a new tab)

How to fix?

Upgrade linuxfabrik-lib to version 5.0.0 or higher.

Overview

linuxfabrik-lib is a Python libraries used in various Linuxfabrik projects, including the 'Linuxfabrik Monitoring Plugins' project.

Affected versions of this package are vulnerable to Command Injection via the shell_exec function. An attacker can execute arbitrary commands with elevated privileges by injecting malicious input into command arguments that are passed to the shell. This is only exploitable if the affected plugin is listed in the sudoers file, allowing a user with limited privileges to escalate to root.

CVSS Base Scores

version 4.0
version 3.1