CVE-2025-56266
CRITICAL NUCLEIAvigilon Access Control Manager - HTTP Request Smuggling
Title source: ruleDescription
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
Nuclei Templates (1)
Avigilon ACM - Host Header Injection
MEDIUMVERIFIEDby DhiyaneshDK
Scores
CVSS v3
9.8
EPSS
0.0750
EPSS Percentile
91.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
CWE-116
CWE-444
Status
published
Products (1)
avigilon/access_control_manager
7.10.0.20
Published
Sep 08, 2025
Tracked Since
Feb 18, 2026