CVE-2021-26726

HIGH

Valmet Dna < 2021 - Remote Code Execution

Title source: rule

Description

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.

References (2)

[Third Party Advisory] https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/

[Vendor Advisory] https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/

Scores

CVSS v3 8.8

EPSS 0.0108

EPSS Percentile 77.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-209 CWE-272 CWE-330 CWE-78 CWE-305

Status published

Products (1)

valmet/dna 2012 - 2021

Published Feb 16, 2022

Tracked Since Feb 18, 2026