HIGH SeverityCVSS 3.17.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2026-8051

Last updated May 12, 2026 · Published May 12, 2026

Description

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Affected products

1 listed

ivanti:Virtual Traffic Manager

Mappings

CWE

CWE-78

CAPEC

CAPEC-248

Research

Command injection: how it works and how to prevent itCommand injection happens when untrusted input reaches a shell or process spawn. Avoid the shell, pass…
Prompt InjectionCovers how adversarial prompts can subvert LLM behavior or trigger unintended actions. Provides defense in…

Guides

Prompt injection prevention: a practical guide for LLM applicationsPrompt injection is the SQL injection of LLM applications. Separate trusted instructions from user input, gate…
LLM Tool-Calling SecurityAllowlists, validation, and least-privilege execution.
Securing RAG PipelinesPrevent data exfiltration and prompt hijacking.

Training

Injection TodaySQL, NoSQL, ORM, and LLM injection - what's changed and what hasn't.
AI Integration SecurityPrompt injection, model poisoning, and securing LLM-powered features.
Input Validation and Schema EnforcementValidate early, validate strictly - schemas, allowlists, and type-safe boundaries.

CVE-2026-8051

Description

Affected products

Mappings

Related