{"id":"CVE-2026-24712","details":"Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.","modified":"2026-07-15T02:17:55.830284887Z","published":"2026-05-14T00:00:00Z","database_specific":{"unresolved_ranges":[{"source":"DESCRIPTION","extracted_events":[{"fixed":"3.21.8"}]}],"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24712.json"},"references":[{"type":"WEB","url":"https://northern.tech"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24712.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24712"},{"type":"ARTICLE","url":"https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cfengine/core","events":[{"introduced":"0"},{"fixed":"91a3e9a8a96d0d529baa47157bcc5baaab0952a3"},{"introduced":"d90d250d9e8c467c25572a17790e7f4f153939f7"},{"fixed":"1e1338477512ae527559eb292073f929f7d21a1d"},{"introduced":"a789816473bfe8c532928c8513fc366893804cc8"},{"last_affected":"a789816473bfe8c532928c8513fc366893804cc8"}],"database_specific":{"cpe":["cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*","cpe:2.3:a:northern.tech:cfengine:3.26.0:*:*:*:enterprise:*:*:*"],"extracted_events":[{"introduced":"0"},{"fixed":"3.21.8"},{"introduced":"3.24.0"},{"fixed":"3.24.3"},{"introduced":"3.26.0"},{"last_affected":"3.26.0"}],"source":["CPE_RANGE","CPE_STRING"]}}],"versions":["3.26.0","3.24.3-build5","3.24.3-build4","3.24.3-build3","3.21.8-build3","3.21.8-build2","3.21.8-build1","3.24.3-build2","3.24.3-build1","3.24.2-build5","3.24.2-build4","3.24.2","3.26.0-build3","3.21.7-build5","3.21.7-build4","3.21.7","3.24.2-build3","3.21.7-build3","3.21.7-build2","3.24.2-build2","3.24.2-build1","3.21.7-build1","3.21.6-build5","3.21.6","3.24.1-build5","3.24.1","3.24.1-build4","3.24.1-build3","3.21.6-build4","3.21.6-build3","3.21.6-build2","3.24.1-build2","3.21.6-build1","3.24.1-build1","3.24.0-build9","3.24.0-build8","3.24.0-build7","3.24.0","3.21.5-build4","3.21.5","3.21.5-build3","3.21.5-build2","3.21.5-build1","3.21.4-build3","3.21.4","3.21.4-build2","3.21.4-build1","3.21.3-build4","3.21.3-build3","3.21.3","3.21.3-build2","3.21.3-build1","3.21.2-build4","3.21.2-build3","3.21.2","3.21.2-build2","3.21.2-build1","3.21.1-build1","3.21.1","3.21.0-build11","3.21.0-build10","3.21.0","3.21.0-build9","3.21.0-build8","3.21.0-build7","3.21.0-build6","3.21.0-build5","3.21.0-build4","3.21.0-build3","3.21.0-build2","3.21.0-build1","3.20.0-build4","3.20.0-build3","3.20.0-build2","3.20.0-build1","3.20.0-2-build1","3.20.0-2","3.20.0","3.19.0-build2","3.19.0","3.19.0-build1","3.18.0-build3","3.18.0-2-build2","3.18.0-2-build1","3.18.0-2","3.18.0-1-build3","3.18.0-1-build2","3.18.0-1-build1","3.18.0","3.18.0-build2","3.18.0-build1","3.17.0-build1","3.17.0","3.16.0-build1","3.16.0","3.15.0-build2","3.15.0-build1","3.15.0b1-build4","3.15.0b1","3.15.0b1-build3","3.15.0b1-build2","3.15.0b1-build1","3.14.0-build4","3.14.0-2-build1","3.14.0-2","3.14.0","3.14.0-build3","3.14.0-build2","3.14.0-build1","3.13.0-build2","3.13.0","3.13.0-build1","3.12.0b1-build2","3.12.0b1","3.12.0b1-build1","3.12.0a1-build1","3.10.0b1-build1","3.8.0b1-build2","3.8.0b1-build1","3.6.x-branchpoint","3.6rc-build2","3.6rc","3.6.0eb2-build2","3.6.0eb2-build1","3.6.0eb1-build2","3.6.0eb1-build1","3.6.0b2-build5","3.6.0b2","3.6.0b2-build4","3.6.0b2-build3","3.6.0b2-build1","3.6.0b1-build4","3.6.0b1","3.6.0b1-build3","3.6.0b1-build2","3.6.0b1-build1","v3.6.0a0","3.5.x-branchpoint","3.5.0b1","3.5.0a2","3.5.0a1","3.4.x-branchpoint","3.4.0a1","3.3.x-branchpoint","svn-migration-point"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24712.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}