CVE-2026-0795 is an OS command injection vulnerability identified in the ALGO 8180 IP Audio Alerter, a device used for IP-based audio alerting. The vulnerability exists in the device's web-based user interface, specifically due to improper neutralization of special elements in user-supplied input before it is passed to system calls. This flaw, classified under CWE-78, allows an authenticated remote attacker to inject arbitrary OS commands, resulting in remote code execution with the privileges of the device's operating environment. The vulnerability requires authentication, indicating that an attacker must have valid credentials to access the web UI to exploit the flaw. No user interaction beyond authentication is necessary. The CVSS v3.0 score of 7.2 reflects a high severity, with network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability. Although no public exploits are currently known, the vulnerability poses a significant risk because successful exploitation could allow attackers to control the device, manipulate alerting functions, disrupt communications, or pivot into internal networks. The affected version is 5.5 of the ALGO 8180 IP Audio Alerter, and no patches have been publicly released yet. The vulnerability was reported by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-28321 and published in January 2026.

For European organizations, the impact of this vulnerability can be substantial, particularly for entities relying on ALGO 8180 IP Audio Alerter devices for critical communication and alerting functions such as emergency services, public safety agencies, transportation hubs, and large enterprises. Successful exploitation could lead to unauthorized control over alerting systems, enabling attackers to suppress or falsify alerts, causing operational disruption and safety risks. Additionally, attackers could leverage the compromised device as a foothold to access internal networks, potentially leading to data breaches or lateral movement to more critical infrastructure. The high confidentiality, integrity, and availability impacts mean sensitive information could be exposed or altered, and service availability could be severely affected. Given the device’s role in communication, disruption could have cascading effects on organizational response capabilities and public safety. The requirement for authentication reduces the attack surface but does not eliminate risk, especially if credential management is weak or if attackers gain access through phishing or insider threats.

1. Immediately restrict access to the ALGO 8180 IP Audio Alerter web interface to trusted networks and IP addresses using network segmentation and firewall rules. 2. Enforce strong, unique authentication credentials and implement multi-factor authentication (MFA) if supported to reduce the risk of credential compromise. 3. Monitor authentication logs and system behavior for signs of unauthorized access or anomalous command execution attempts. 4. Apply vendor patches or firmware updates as soon as they become available to remediate the vulnerability. 5. If patches are not yet available, consider disabling or limiting web UI functionality or replacing affected devices with alternatives that do not have this vulnerability. 6. Conduct regular security audits and penetration tests focusing on device management interfaces. 7. Educate administrators on secure credential handling and the risks of command injection vulnerabilities. 8. Implement network intrusion detection systems (NIDS) with signatures or heuristics to detect suspicious command injection attempts targeting the device.