CVE-2026-4170: OS Command Injection in Topsec TopACM
CVE-2026-4170 is a critical OS command injection vulnerability in Topsec TopACM version 3.0, specifically in the HTTP request handler component at /view/systemConfig/management/nmc_sync.php. The vulnerability arises from improper sanitization of the 'template_path' argument, allowing remote attackers to execute arbitrary OS commands without authentication or user interaction. The exploit is publicly available, increasing the risk of exploitation despite no known active attacks in the wild. The vendor has not responded to disclosure attempts, and no patches are currently available. This vulnerability poses a severe risk to confidentiality, integrity, and availability of affected systems. Organizations using Topsec TopACM 3.0 should prioritize mitigation to prevent potential compromise. Countries with significant use of Topsec products, especially in Asia and critical infrastructure sectors, are at heightened risk.
AI Analysis
Technical Summary
CVE-2026-4170 is an OS command injection vulnerability identified in Topsec TopACM version 3.0. The flaw exists in the HTTP request handler component, specifically within the file /view/systemConfig/management/nmc_sync.php. An attacker can manipulate the 'template_path' parameter to inject and execute arbitrary operating system commands remotely. This vulnerability does not require any authentication or user interaction, making it highly exploitable over the network. The CVSS 4.0 base score is 9.3, reflecting its critical severity due to the ease of exploitation and the high impact on confidentiality, integrity, and availability. The vulnerability was responsibly disclosed to the vendor, who has not responded or provided a patch. The exploit code has been publicly released, increasing the likelihood of exploitation attempts. This vulnerability could allow attackers to take full control of affected systems, execute malicious payloads, disrupt services, or exfiltrate sensitive data. The lack of vendor response and patch availability necessitates immediate defensive actions by organizations using TopACM 3.0.
Potential Impact
The impact of CVE-2026-4170 is severe for organizations worldwide using Topsec TopACM 3.0. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary commands with the privileges of the application. This can result in data breaches, service disruption, installation of persistent malware, lateral movement within networks, and potential destruction or alteration of critical data. Given the critical nature of Topsec products in network management and security monitoring, exploitation could undermine organizational security postures and disrupt operational continuity. The public availability of exploit code increases the risk of widespread attacks, including automated scanning and exploitation by opportunistic threat actors. Organizations in sectors relying on Topsec for network control and security, such as telecommunications, government, and critical infrastructure, face heightened risks of espionage, sabotage, and data theft.
Mitigation Recommendations
Since no official patch is currently available from the vendor, organizations should implement immediate compensating controls. These include restricting network access to the affected TopACM management interfaces using firewalls and network segmentation to limit exposure to trusted administrators only. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting the 'template_path' parameter. Conduct thorough input validation and sanitization at network boundaries if possible. Monitor logs for unusual command execution attempts or anomalous HTTP requests to /view/systemConfig/management/nmc_sync.php. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts. If feasible, isolate or decommission vulnerable instances until a vendor patch is released. Engage with Topsec support channels persistently for updates and patches. Finally, prepare incident response plans to rapidly address potential compromises stemming from this vulnerability.
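One way to implement the log monitoring recommended above, as an added example (not code from the advisory or from Topsec). It assumes the web server writes combined-format access logs and that 'template_path' appears in the query string; the allowlist of legitimate path characters and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET = "/view/systemConfig/management/nmc_sync.php"  # endpoint named in the advisory
PARAM = "template_path"                                # parameter named in the advisory
# Assumption: a legitimate value is a plain file path; anything else is suspect.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./-]+")
# Combined log format: client ... "METHOD URI PROTO" status
LOG_LINE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges, harmless placeholder values).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Mar/2026:08:50:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    f'192.0.2.10 - - [15/Mar/2026:08:51:13 +0000] "GET {TARGET}?{PARAM}=/tmp/sync/default.tpl HTTP/1.1" 200 87',
    f'203.0.113.5 - - [15/Mar/2026:08:52:40 +0000] "GET {TARGET}?{PARAM}=x%253By HTTP/1.1" 200 0',
    f'203.0.113.5 - - [15/Mar/2026:08:52:44 +0000] "POST {TARGET} HTTP/1.1" 200 0',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded metacharacters become visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None for unrelated lines, else (client, verdict, decoded_value)."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    client, uri, _status = m.groups()
    parts = urlsplit(uri)
    if unquote(parts.path) != TARGET:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if values is None:
        # Endpoint was hit but the parameter is not in the URL (e.g. sent in a body).
        return (client, "review", "")
    for raw in values:
        value = fully_decode(raw)
        if not SAFE_VALUE.fullmatch(value) or ".." in value:
            return (client, "alert", value)  # outside the allowlist: escalate
    return (client, "review", fully_decode(values[0]))

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

Because the endpoint is reachable without authentication, every hit is surfaced as at least "review"; correlate the client address against the list of trusted administrator hosts before dismissing it.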
Affected Countries
China, United States, Russia, India, South Korea, Japan, Germany, United Kingdom, France, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-03-14T12:54:26.928Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69b670ed9d4df45183e9aed5
Added to database: 3/15/2026, 8:42:21 AM
Last enriched: 3/15/2026, 8:42:29 AM
Last updated: 3/15/2026, 9:47:35 AM