CVE-2026-10539
Severity CVSS v4.0:
CRITICAL
Type:
Unavailable / Other
Publication date:
01/07/2026
Last modified:
01/07/2026
Description
A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. <br />
<br />
<br />
<br />
This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions.
Impact
Base Score 4.0
9.50
Severity 4.0
CRITICAL
Base Score 3.x
9.00
Severity 3.x
CRITICAL



