CVE-2026-15545 PUBLISHED

Shibby Tomato apcupsd tomatodata.cgi main out-of-bounds write

Assigner: VulDB
Reserved: 12.07.2026 Published: 13.07.2026 Updated: 13.07.2026

A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly available and might be used. This project is superseded by FreshTomato.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
CVSS Score: 8.7

Product Status

Vendor Shibby
Product Tomato
Versions
  • Version 1.0 is affected
  • Version 1.1 is affected
  • Version 1.2 is affected
  • Version 1.3 is affected
  • Version 1.4 is affected
  • Version 1.5 is affected
  • Version 1.6 is affected
  • Version 1.7 is affected
  • Version 1.8 is affected
  • Version 1.9 is affected
  • Version 1.10 is affected
  • Version 1.11 is affected
  • Version 1.12 is affected
  • Version 1.13 is affected
  • Version 1.14 is affected
  • Version 1.15 is affected
  • Version 1.16 is affected
  • Version 1.17 is affected
  • Version 1.18 is affected
  • Version 1.19 is affected
  • Version 1.20 is affected
  • Version 1.21 is affected
  • Version 1.22 is affected
  • Version 1.23 is affected
  • Version 1.24 is affected
  • Version 1.25 is affected
  • Version 1.26 is affected
  • Version 1.27 is affected
  • Version 1.28.0000 is affected

Credits

  • VulDB Gitee Analyzer tool
  • VulDB CNA Team coordinator

References

Problem Types

  • Out-of-bounds Write CWE
  • Memory Corruption CWE