CVE-2026-0787 is an OS command injection vulnerability classified under CWE-78 affecting the ALGO 8180 IP Audio Alerter, a device used for IP-based audio alerting. The flaw resides in the SAC module, where user-supplied input is not properly sanitized before being passed to system calls, allowing an unauthenticated remote attacker to execute arbitrary commands on the device. This can lead to full compromise of the device, enabling attackers to manipulate audio alerts, disrupt communications, or pivot into internal networks. The vulnerability affects version 5.5 of the product and was publicly disclosed on January 23, 2026. The CVSS v3.0 base score is 8.1, indicating high severity, with attack vector as network, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Although no exploits have been reported in the wild yet, the ease of exploitation and critical nature of the device make this a significant threat. The lack of authentication requirement increases the risk of automated attacks. The ALGO 8180 is typically deployed in enterprise and public safety environments for audio alerting, making the impact of compromise potentially severe.

For European organizations, this vulnerability poses a serious risk to operational continuity and security of communication systems relying on ALGO 8180 IP Audio Alerter devices. Successful exploitation could allow attackers to execute arbitrary code, leading to unauthorized control over alerting mechanisms, disruption of emergency or operational communications, and potential lateral movement within networks. This could result in data breaches, denial of critical alerts, and damage to organizational reputation. Public safety agencies, transportation hubs, and large enterprises using these devices for mass notification or security alerts are particularly vulnerable. The absence of authentication for exploitation increases the likelihood of attacks, including automated scanning and exploitation attempts. The impact extends beyond the device itself, potentially affecting integrated systems and services dependent on reliable audio alerting.

Immediate mitigation should focus on network-level controls such as isolating ALGO 8180 devices in dedicated VLANs or network segments with strict access controls to limit exposure. Deploy firewall rules to restrict inbound traffic to trusted management hosts only. Monitor network traffic for unusual command execution patterns or unexpected system calls originating from these devices. Since no official patch links are currently available, organizations should engage with ALGO for firmware updates or advisories. Implement application-layer input validation proxies if possible to sanitize inputs before they reach the device. Regularly audit device configurations and logs for signs of compromise. Consider deploying intrusion detection systems tailored to detect command injection attempts targeting IP audio alerting devices. Finally, establish incident response plans specific to communication infrastructure compromise scenarios.