| Advisory ID | Severity | Release Date | Reported By | CVE ID |
| HSVD-2026-0008 | High | June 18, 2026 | External submission | N/A |
Overview
Hillstone HSA contains an arbitrary command execution vulnerability that can be exploited by a low-privilege account. The vulnerability exists because the system does not properly validate input from authenticated users and directly concatenates it into system commands, resulting in remote code execution.
Affected Products & Fix Versions
| PRODUCT | AFFECTED VERSIONS | FIX VERSION |
|---|---|---|
| HSA | Versions prior to HSA2.22.7 | HSA2.22.7 |
Remediation & Mitigation
- Repair by upgrading the version.
Contact & Reporting
For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.
To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.
Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.
Recent Comments