CVE-2026-0779 is an OS command injection vulnerability classified under CWE-78 affecting the ALGO 8180 IP Audio Alerter, a device used for IP-based audio alerting. The vulnerability exists in the device’s web-based user interface where a user-supplied string is incorporated into a system call without proper sanitization or validation. This improper neutralization of special elements allows an authenticated remote attacker to inject arbitrary OS commands, leading to remote code execution (RCE) within the context of the device’s operating system. The vulnerability requires authentication, which means an attacker must have valid credentials or exploit other means to gain access to the device’s management interface. The CVSS v3.0 score of 7.2 reflects a high severity due to the network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability. The flaw was identified and assigned by the Zero Day Initiative (ZDI) under ZDI-CAN-25568 and published in January 2026. No public exploits have been reported yet, but the potential for impactful attacks exists given the device’s role in alerting and communication systems. The affected version is 5.5 of the ALGO 8180 IP Audio Alerter. The lack of vendor patch links suggests that remediation may still be pending or in progress.

For European organizations, this vulnerability poses a significant risk, especially for entities relying on ALGO 8180 IP Audio Alerter devices in critical communication infrastructures such as emergency services, public safety, transportation, and industrial control systems. Successful exploitation could allow attackers to execute arbitrary commands, potentially disrupting alerting functions, causing denial of service, or enabling lateral movement within networks. Confidentiality could be compromised if attackers extract sensitive information from the device or network. Integrity is at risk as attackers could manipulate alert messages or system configurations. Availability could be impacted by causing device crashes or persistent compromise. Given the device’s role in alerting, disruption could have cascading effects on operational safety and response times. The requirement for authentication limits exposure but does not eliminate risk, as credential theft or insider threats could facilitate exploitation.

Organizations should implement the following specific measures: 1) Immediately inventory and identify all ALGO 8180 IP Audio Alerter devices running version 5.5. 2) Restrict administrative interface access to trusted networks and IP addresses using network segmentation and firewall rules. 3) Enforce strong authentication policies, including complex passwords and multi-factor authentication where possible, to reduce the risk of credential compromise. 4) Monitor device logs and network traffic for unusual commands or access patterns indicative of exploitation attempts. 5) Engage with ALGO or authorized vendors to obtain and apply patches or firmware updates as soon as they become available. 6) If patches are delayed, consider temporary mitigations such as disabling the vulnerable web interface or limiting its functionality. 7) Conduct regular security assessments and penetration tests focusing on device management interfaces. 8) Educate administrators on the risks of OS command injection and the importance of secure configuration.