CVE-2026-4170

Topsec · TopACM

An OS command injection vulnerability in Topsec TopACM 3.0 allows remote attackers to execute arbitrary commands via the template_path parameter in nmc_sync.php.

Executive summary

A critical OS command injection vulnerability in Topsec TopACM 3.0 permits unauthenticated remote code execution, exposing the system to full compromise.

Vulnerability

This vulnerability is an OS command injection flaw found in the HTTP Request Handler component, specifically within /view/systemConfig/management/nmc_sync.php. An unauthenticated remote attacker can manipulate the template_path argument to execute arbitrary operating system commands with elevated privileges.

Business impact

With a CVSS score of 9.8, this vulnerability poses an extreme threat to business operations. Successful exploitation grants an attacker full control over the affected appliance, enabling data exfiltration, service disruption, and the potential to use the compromised unit as a pivot point into the internal infrastructure.

Remediation

Immediate Action: Contact Topsec support for guidance on security patches or mitigation, as the vendor has not responded to public disclosure.

Proactive Monitoring: Inspect web server logs for anomalous patterns in URL parameters, specifically looking for shell metacharacters in the template_path argument.

Compensating Controls: Utilize a Web Application Firewall (WAF) to block requests containing malicious command injection sequences targeting the nmc_sync.php file.
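A worked illustration of the "Proactive Monitoring" item above: a small log scanner that flags requests to nmc_sync.php whose template_path value carries shell metacharacters. This is added example code, not Topsec's or the advisory's own tooling; the access-log format, the sample lines and the metacharacter set are assumptions, and the script also flags POSTs to the script because standard access logs do not record the request body.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined-style access log (assumed format; adapt the regex to the appliance).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Characters that let a parameter value break out of a shell command line.
SHELL_META = re.compile(r'[;|&`$<>\r\n]')
TARGET_SCRIPT = "/view/systemConfig/management/nmc_sync.php"
WATCHED_PARAM = "template_path"


def has_shell_meta(value):
    """True if the value (decoded once more to catch double encoding) has shell metacharacters."""
    return SHELL_META.search(unquote(value)) is not None


def scan_line(line):
    """Return a finding dict for one log line, or None if nothing looks suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path != TARGET_SCRIPT:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes %XX once
    for value in params.get(WATCHED_PARAM, []):
        if has_shell_meta(value):
            return {"ip": m["ip"], "ts": m["ts"], "reason": f"{WATCHED_PARAM}={value!r}"}
    if m["method"] == "POST":
        # The body is not in the access log, so a POSTed template_path cannot be
        # inspected here; surface the request for manual review instead.
        return {"ip": m["ip"], "ts": m["ts"], "reason": "POST to nmc_sync.php, body not logged"}
    return None


def scan_log(text):
    """Scan a whole log and return the list of findings in order."""
    return [f for f in map(scan_line, text.splitlines()) if f]


# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "GET /view/systemConfig/management/nmc_sync.php?template_path=default HTTP/1.1" 200 512
10.0.0.9 - - [01/Mar/2026:10:00:07 +0000] "GET /view/systemConfig/management/nmc_sync.php?template_path=default%3Bid HTTP/1.1" 200 77
10.0.0.5 - - [01/Mar/2026:10:00:09 +0000] "GET /view/systemConfig/management/index.php HTTP/1.1" 200 1024
10.0.0.9 - - [01/Mar/2026:10:00:12 +0000] "POST /view/systemConfig/management/nmc_sync.php HTTP/1.1" 200 77
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Feed the real access log in place of SAMPLE_LOG; a hit on the watched parameter from an unexpected source address is the signal to pull the full request and check the appliance for follow-on activity.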

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

The combination of critical severity and the existence of public exploit code makes this an urgent security issue. If a patch is unavailable, prioritize isolating the appliance from the network and restricting access to the absolute minimum required for operations.