Primary

Context

Axis Communications AXIS OS Privilege Escalation Vulnerability via Improper Input Validation

Vulnerability

Patched

A vulnerability in Axis Communications AXIS OS versions 12.0.0 through 12.10.36 allows for privilege escalation and code execution. This issue arises from improper input validation in a configuration file on the local file system. The vulnerability can only be exploited by an attacker with SSH access to the device.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution and privilege escalation on the affected Axis device.

Remediation

Axis has released a patch for this vulnerability in AXIS OS Active Track 12.10.37. For devices not included in this track but still under support, patches will be provided according to the planned maintenance and release schedule. Users are advised to update their Axis device software to the latest version available.

Added: May 12, 2026, 7:22 AM

Updated: May 12, 2026, 7:22 AM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

3.5

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

3.5

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Axis Communications AXIS OS Privilege Escalation Vulnerability via Improper Input Validation

Vulnerability

Impact

Remediation

Affected Products

Axis Communications AXIS OS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating