CVE-2026-10539

Severity CVSS v4.0:
CRITICAL
Type:
Unavailable / Other
Publication date:
01/07/2026
Last modified:
01/07/2026

Description

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. <br /> <br /> <br /> <br /> This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions.