CVE-2026-3820

HIGH

Supermicro AS-2115HS-TNR BMC SMTP - OS Command Injection

Title source: manual

Description

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation. Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.

References (1)

Core 1

Core References

https://www.supermicro.com/en/support/security_BMC_IPMI_Jun_2026

Scores

CVSS v3 7.2

EPSS 0.0040

EPSS Percentile 31.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

SMCI/AS-2115HS-TNR 01.06.04

SMCI/AS-2115HS-TNR 01.08.01

Published Jun 04, 2026

Tracked Since Jun 04, 2026