Axis Communications VAPIX API Remote Code Execution Vulnerability in mediaclip.cgi

Vulnerability

A remote code execution vulnerability has been identified in the VAPIX API component mediaclip.cgi, within AXIS OS versions 12.6.54 through 12.7.35. This vulnerability arises from inadequate input validation, allowing authenticated users with operator or administrator privileges to execute arbitrary code remotely.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device.

Remediation

Axis has released a patch for this vulnerability in AXIS OS Active Track 12.7.36. Devices not included in this track but still under support will receive a patch according to their planned maintenance and release schedule. It is recommended to update to the latest Axis device software, available through the Axis vulnerability management portal.
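A fleet triage against the version range stated above, as an added example that is not Axis code. The host names and the inventory are constructed, and treating every version at or above 12.7.36 as patched is an assumption. Versions outside the stated range are flagged for a check against their own track's release schedule rather than declared safe.

```python
import re

# Range and fix version as stated in the advisory text above.
AFFECTED_MIN = (12, 6, 54)
AFFECTED_MAX = (12, 7, 35)
FIXED_ACTIVE_TRACK = (12, 7, 36)

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*$")

def parse_version(text):
    """Return (major, minor, patch) as integers, or None if unparseable."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Map a reported AXIS OS version string to a triage status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # missing or malformed version: inspect by hand
    # Integer tuples, not strings: "12.10.2" sorts before "12.7.35" as text.
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED_ACTIVE_TRACK:
        return "patched"  # assumption: later releases carry the fix
    # Older releases and other tracks: not in the stated range, but the
    # advisory says supported tracks are patched on their own schedule.
    return "outside-stated-range"

def triage(inventory):
    """Group (host, version) pairs by triage status."""
    report = {"affected": [], "patched": [],
              "outside-stated-range": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("cam-lobby", "12.6.54"), ("cam-dock", "12.7.35"),
    ("cam-roof", "12.7.36"), ("cam-lab", "12.6.53"),
    ("cam-gate", "11.11.160"), ("cam-old", ""), ("cam-yard", "12.10.2"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:22} {', '.join(hosts) or '-'}")
```
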

Added: Feb 10, 2026, 9:08 AM
Updated: Feb 10, 2026, 9:08 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.