Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-15544— Shibby Tomato apcupsd tomatodata.cgi getupsvar stack-based overflow

CVSS 8.8 · High EPSS 0.44% · P35

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 29

VendorProductVersion RangeStatus
ShibbyTomato1.0affected
1.1affected
1.2affected
1.3affected
1.4affected
1.5affected
1.6affected
1.7affected
… +21 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-15544

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Shibby Tomato apcupsd tomatodata.cgi getupsvar stack-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
ShibbyTomato 1.0 cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-15544

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-15544

登录查看更多情报信息。

Other References for CVE-2026-15544 (1)

Same Patch Batch · Shibby · 2026-07-13 · 5 CVEs total

CVE-2026-155458.8 HIGHShibby Tomato apcupsd tomatodata.cgi main out-of-bounds write
CVE-2026-155488.8 HIGHShibby Tomato DNS List Rendering httpd sub_407220 stack-based overflow
CVE-2026-155466.3 MEDIUMShibby Tomato start_jffs2 sub_2D568 os command injection
CVE-2026-155476.3 MEDIUMShibby Tomato CIFS Mount sub_2D048 os command injection

IV. Related Vulnerabilities

V. Comments for CVE-2026-15544

No comments yet


Leave a comment