CVE-2026-58479

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a command injection vulnerability in the optional cli_control plugin that allows unauthenticated or cross-site request forgery attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin's HTTP endpoint. Attackers can trigger execution by activating the associated irrigation station, exploiting the absence of passphrase protection or the default passphrase 'opendoor', to achieve arbitrary command execution on the underlying host.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dan-in-ca:sustainable_irrigation_platform:*:*:*:*:*:*:*:*

History

14 Jul 2026, 18:45

Type Values Removed Values Added
CPE cpe:2.3:a:dan-in-ca:sustainable_irrigation_platform:*:*:*:*:*:*:*:*
First Time Dan-in-ca
Dan-in-ca sustainable Irrigation Platform
References () https://www.vulncheck.com/advisories/sustainable-irrigation-platform-rce-via-cli-control-plugin-command-injection - () https://www.vulncheck.com/advisories/sustainable-irrigation-platform-rce-via-cli-control-plugin-command-injection - Third Party Advisory
References () https://www.zeroscience.mk/#/advisories/ZSL-2026-5999 - () https://www.zeroscience.mk/#/advisories/ZSL-2026-5999 - Exploit, Third Party Advisory

14 Jul 2026, 15:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-14 15:17

Updated : 2026-07-14 23:17


NVD link : CVE-2026-58479

Mitre link : CVE-2026-58479

CVE.ORG link : CVE-2026-58479


JSON object : View

Products Affected

dan-in-ca

  • sustainable_irrigation_platform
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')