Remote Code Execution via NCM Configlet - CVE-2026-12370

Severity: High

CVE ID: CVE-2026-12370

Product name: OpManager, OpManager Nexus, OpManager MSP, NetFlow Analyzer, Network Configuration Manager

| Affected Version(s) | Fixed Version(s) | Fixed On |
| --- | --- | --- |
| 12.8.667 and Below | 12.8.668 (check steps to upgrade) | 13-06-2026 |
| 12.8.676 to 12.8.722 | 12.8.736 | 19-06-2026 |
| 12.8.732 to 12.8.735 | | |
| 12.8.746 to 12.9.100 | 12.9.101 (contact support) | 12-06-2026 |

Details:

General: Previously, there was a Server-Side Template Injection (SSTI) vulnerability in Configlet processing that could potentially lead to remote code execution (RCE). This issue has now been fixed.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from the following links for the respective products:
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

Source and Acknowledgements

This vulnerability was reported by C & N.

Kindly contact our product support team for further details, at the below mentioned email address:

 