CVE-2026-1185 PUBLISHED

Assigner: Axis
Reserved: 19.01.2026 Published: 12.05.2026 Updated: 12.05.2026

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVSS Score: 5.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Axis Communications AB
Product	AXIS OS
Versions	Default: unaffected affected from 12.0.0 to 12.10.36 (excl.)

Credits

Cookiejack15 finder

References

https://www.axis.com/dam/public/69/df/8d/cve-2026-1185pdf-en-US-530733.pdf

Problem Types

CWE-732: Incorrect Permission Assignment for Critical Resource CWE