
CVE-2026-23759: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Perle Systems IOLAN STS

Severity: High
Type: Vulnerability
Tags: cve, cve-2026-23759, cwe-78
Published: Tue Mar 17 2026 (03/17/2026, 15:20:10 UTC)
Source: CVE Database V5
Vendor/Project: Perle Systems
Product: IOLAN STS

Description

CVE-2026-23759 is a high-severity OS command injection vulnerability affecting Perle Systems IOLAN STS terminal servers with firmware versions prior to 6.0. The issue arises in the restricted shell accessed via Telnet or SSH, specifically in the 'ps' command, which fails to properly sanitize user-supplied arguments. An authenticated attacker can inject shell metacharacters after the 'ps' subcommand, causing arbitrary commands to execute with root privileges. This leads to full compromise of the device's underlying operating system. Exploitation requires valid authentication but no user interaction beyond login. No known exploits are currently reported in the wild. The vulnerability has a CVSS 4.0 base score of 8.6, reflecting its high impact and ease of exploitation once authenticated.

AI-Powered Analysis

Last updated: 03/17/2026, 18:28:33 UTC

Technical Analysis

CVE-2026-23759 is an OS command injection vulnerability identified in Perle Systems IOLAN STS terminal servers running firmware versions prior to 6.0. The vulnerability stems from improper neutralization of special elements (CWE-78) in the restricted shell environment accessible via Telnet or SSH. Specifically, the 'ps' command within this shell does not sanitize user-supplied arguments before passing them to a shell invocation ('sh -c') executed with root privileges. This flaw allows an authenticated attacker, who can log into the device, to append shell metacharacters or commands after the 'ps' subcommand, resulting in arbitrary command execution as root. The root-level execution grants complete control over the device, enabling actions such as installing malware, modifying configurations, or pivoting within the network. The vulnerability requires authentication but no additional user interaction, making it a significant risk in environments where credential compromise or insider threats exist. The CVSS 4.0 score of 8.6 reflects the network attack vector, low attack complexity, no privileges beyond authentication needed, and high impact on confidentiality, integrity, and availability. No public exploits have been reported yet, but the vulnerability's nature makes it a critical concern for affected organizations. The lack of a patch link indicates that a firmware update addressing this issue may be forthcoming or in development. The vulnerability affects all IOLAN STS/SCS terminal server models with firmware prior to version 6.0, which are commonly used in industrial, telecommunications, and enterprise environments for serial device connectivity and management.
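The root cause described above is user text reaching `sh -c`. The following is an added example of the hardened pattern, not Perle's firmware code: a restricted-shell `ps` handler that allowlists each argument and executes the binary directly with no shell. The option allowlist, the `/bin/ps` path and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the advisory describes: arguments are joined into one string and
 * handed to "sh -c", so the shell interprets any metacharacters in them.
 * The handler below never builds a command string and never starts a shell. */
#define MAX_PS_ARGS 8

/* Hypothetical allowlist: the only ps options this restricted shell exposes. */
static const char *const ALLOWED[] = { "-e", "-f", "-l", "-A", NULL };
static char ps_name[] = "ps";

/* Returns 1 if arg is an allowlisted option or a plain decimal PID. */
static int ps_arg_ok(const char *arg) {
    for (size_t i = 0; ALLOWED[i]; i++)
        if (strcmp(arg, ALLOWED[i]) == 0) return 1;
    if (*arg == '\0' || strlen(arg) > 7) return 0;
    for (const char *p = arg; *p; p++)
        if (!isdigit((unsigned char)*p)) return 0;
    return 1;
}

/* Splits the user's argument text in place on blanks and fills argv.
 * Returns argc, or -1 if any token is rejected or there are too many. */
int build_ps_argv(char *line, char *argv[MAX_PS_ARGS + 2]) {
    int argc = 0;
    argv[argc++] = ps_name;
    for (char *tok = strtok(line, " \t"); tok; tok = strtok(NULL, " \t")) {
        if (argc > MAX_PS_ARGS || !ps_arg_ok(tok)) return -1;
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    return argc;
}

/* Runs ps via execv (no shell). Returns its exit status, or -1 on rejection. */
int run_ps(char *line) {
    char *argv[MAX_PS_ARGS + 2];
    if (build_ps_argv(line, argv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv("/bin/ps", argv); _exit(127); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Rejected input never reaches `fork()`, so a logging call placed at the `-1` return in `run_ps` also gives the monitoring signal listed in the mitigation steps.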

Potential Impact

The impact of CVE-2026-23759 is severe for organizations using affected Perle IOLAN STS terminal servers. Successful exploitation results in full root-level compromise of the device, allowing attackers to execute arbitrary commands, modify or disrupt device operations, and potentially gain a foothold within the internal network. This can lead to unauthorized data access, disruption of critical serial device communications, and lateral movement to other network assets. Given that these terminal servers often manage serial connections for industrial control systems, telecommunications infrastructure, or enterprise hardware, compromise could disrupt operational technology environments or critical business processes. The vulnerability's exploitation could facilitate espionage, sabotage, or ransomware deployment. Since exploitation requires authentication, the risk is heightened in scenarios where credentials are weak, reused, or compromised. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for remediation, as attackers may develop exploits rapidly once details are public. Overall, the vulnerability poses a significant threat to confidentiality, integrity, and availability of systems relying on these terminal servers.

Mitigation Recommendations

To mitigate CVE-2026-23759, organizations should take the following specific actions:

1) Immediately identify and inventory all Perle IOLAN STS/SCS terminal servers in their environment and verify firmware versions.
2) Upgrade all affected devices to firmware version 6.0 or later once available, as this version addresses the vulnerability by properly sanitizing command arguments.
3) Restrict administrative access to these devices by enforcing strong authentication mechanisms, such as multi-factor authentication, and limiting access to trusted personnel only.
4) Disable Telnet access if possible, favoring SSH with hardened configurations to reduce attack surface.
5) Implement network segmentation to isolate terminal servers from general user networks and limit exposure to potential attackers.
6) Monitor device logs and network traffic for unusual command executions or login attempts indicative of exploitation attempts.
7) Regularly rotate and enforce strong passwords for device accounts to reduce risk from credential compromise.
8) If immediate firmware upgrade is not feasible, consider disabling or restricting use of the vulnerable 'ps' command or the restricted shell access, if configurable, to limit exploitation vectors.
9) Engage with Perle Systems support for official patches, advisories, and guidance.

These targeted measures go beyond generic advice by focusing on access control, monitoring, and device-specific configurations.


Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2026-01-15T18:42:20.938Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69b99a3b771bdb1749cb0c80

Added to database: 3/17/2026, 6:15:23 PM

Last enriched: 3/17/2026, 6:28:33 PM

Last updated: 3/18/2026, 7:09:40 AM
