Vulnerability Description: - OS Command Injection in via unsanitized in - Severity: Critical (10.0/10) Affected Package: - Affected Versions: - Patched Versions: - None CVSS v3 Base Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Changed - Confidentiality: High - Integrity: High - Availability: High CVE ID: - Weaknesses: - No CWEs Details: - Vulnerability exists in , lines 149-191. - method constructs a shell command by directly using user-controlled parameter and executes it via . PoC: - The demo script shows different types of command injection. Impact: - Any authenticated user with permission to create or edit a network path monitor can execute arbitrary commands on the Probe server(s).