CVSS 9.13 sources verified·1 min read
By Lyrie Threat Intelligence·4/27/2026
CRITICAL: CVE-2026-32298 (CVSS 9.1) — angeet es3 kvm firmware
CVE: CVE-2026-32298
CVSS: 9.1 (3.1) — CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL
Status: Critical advisory
Affected
- angeet es3 kvm firmware
- angeet es3 kvm
Summary
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
Verified Sources
References
- https://eclypsium.com/blog/kvm-devices-the-keys-to-your-kingdom-are-hanging-on-the-network/
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json
- https://www.cve.org/CVERecord?id=CVE-2026-32291
_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._
Lyrie Verdict
A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.
Validated sources
- [1]NVD
- [2]GitHub Advisory
- [3]MITRE