Ismalicious
Two High Severity Vulnerabilities Discovered in Pupsman Software
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 8, 2026, two critical vulnerabilities were disclosed in Pupsman versions prior to 3.9.0, both rated with a CVSS score of 7.8. CVE-2026-56437 involves an uncontrolled path element issue that allows arbitrary code execution with SYSTEM privileges when a crafted DLL is executed. CVE-2026-57895 pertains to incorrect default permissions, enabling attackers to place malicious executables in the installation folder, also leading to arbitrary code execution with SYSTEM privileges. Active exploitation of both vulnerabilities has not been confirmed, and the EPSS scores are N/A%, indicating no estimated probability of exploitation in the next 30 days. Users of Pupsman are urged to check for any indicators of compromise (IOCs) related to these vulnerabilities. Immediate action is recommended to mitigate potential risks.
Key Points: • CVE-2026-56437 and CVE-2026-57895 both have a CVSS score of 7.8, indicating high severity. • Both vulnerabilities allow arbitrary code execution with SYSTEM privileges in Pupsman versions before 3.9.0. • Active exploitation has not been confirmed, but users are advised to monitor for IOCs.