securityonline.info 7/8/2026, 5:12:01 PM · external

Network UPS Tools RCE Flaw Affects upsmon, With No Patch Yet

Network UPS Tools RCE Flaw Affects upsmon, With No Patch Yet

THE page discusses critical cybersecurity vulnerabilities affecting various software, specifically listing four active exploits including CVE-2026-48908, CVE-2026-55255, CVE-2026-56290, and CVE-2026-48282. It highlights a particular remote code execution vulnerability in Network UPS Tools, identified as CVE-2026-54161, with a CVSS score of 8.1. This flaw allows attackers to execute commands as root through a compromise of the ups.alarm parameter.

The critical nature of the vulnerability is due to NUT's broad deployment across Linux distributions and appliances. Current versions affected include 2.8.3, 2.8.4, and 2.8.5, with no patch available as of the publication date, although a fix is in the works. Recommendations include avoiding EXEC in alarms and securing the network.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline