CVE-2026-4170 is an OS command injection vulnerability identified in Topsec TopACM version 3.0, affecting the HTTP request handler component located at /view/systemConfig/management/nmc_sync.php. The vulnerability stems from insufficient input validation and sanitization of the 'template_path' parameter, which can be manipulated by an unauthenticated remote attacker to execute arbitrary operating system commands on the affected server. This type of vulnerability allows attackers to gain control over the underlying system, potentially leading to unauthorized data access, system disruption, or pivoting to other internal resources. The exploit code has been publicly disclosed, increasing the risk of exploitation by malicious actors. The vendor was notified early but has not issued any response or patch, leaving systems exposed. The vulnerability does not require any authentication or user interaction, making it highly exploitable over the network. The CVSS v4.0 score is 9.3, indicating a critical severity level due to the combination of remote exploitability, no required privileges, and high impact on confidentiality, integrity, and availability. No mitigations or patches have been officially released, and the affected version is specifically TopACM 3.0.

The impact of CVE-2026-4170 is severe for organizations using Topsec TopACM 3.0. Successful exploitation allows remote attackers to execute arbitrary OS commands, leading to full system compromise. This can result in unauthorized access to sensitive data, disruption or destruction of services, installation of persistent malware, and lateral movement within the network. Given that the vulnerability requires no authentication and no user interaction, it significantly lowers the barrier for attackers, including automated bots and opportunistic threat actors. The public availability of exploit code further increases the risk of widespread attacks. Organizations in critical infrastructure sectors, government, and enterprises relying on TopACM for security management or network configuration are particularly at risk. The lack of vendor response and absence of patches exacerbate the threat, potentially leading to prolonged exposure and exploitation opportunities.

In the absence of an official patch from Topsec, organizations should implement immediate compensating controls. These include restricting network access to the affected TopACM management interfaces using firewalls or VPNs to limit exposure to trusted administrators only. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting the 'template_path' parameter. Conduct thorough monitoring and logging of all requests to the vulnerable endpoint to detect exploitation attempts early. If possible, isolate the affected system in a segmented network zone to reduce lateral movement risk. Organizations should also consider deploying host-based intrusion detection systems (HIDS) to identify unusual command executions. Regular backups and incident response plans should be updated to prepare for potential compromise. Finally, maintain active communication with Topsec for updates and apply any future patches promptly once available.