Nuvation Energy Multi-Stack Controller OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in Nuvation Energy's Multi-Stack Controller (MSC), affecting versions from 2.3.8 up to, but not including, 2.5.1. It arises from improper neutralization of special elements used in OS commands, which allows unauthorized command execution on the operating system.

Impact

Exploiting this vulnerability lets an attacker inject OS commands and execute arbitrary commands on the server's operating system.

Remediation

Users are advised to update their Multi-Stack Controller to version 2.5.1. Consult Nuvation's documentation for instructions on enabling authentication and setting a strong password. Security-conscious users may also wish to restrict access to the nCloud service if it is not necessary for their operations.

Added: Jan 2, 2026, 10:18 PM
Updated: Jan 2, 2026, 10:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.2
remediation: 7.7
relevance: 1.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.