Axis os

This hub aggregates every CVE we track for Axis os, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Axis os.

• CVE-2026-1185A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited i...5.4May 12, 2026
• CVE-2026-0804An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the A...6.7May 12, 2026
• CVE-2026-0802An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis...6.0May 12, 2026
• CVE-2026-0541ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploite...6.7May 12, 2026
• CVE-2025-11142The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or ...7.1Feb 10, 2026
• CVE-2025-9055The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating wi...6.4Nov 11, 2025
• CVE-2025-8998It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an...3.1Nov 11, 2025
• CVE-2025-9524The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewe...4.3Nov 11, 2025
• CVE-2025-8108An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is ...6.7Nov 11, 2025
• CVE-2025-6779An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is...6.7Nov 11, 2025
• CVE-2025-6571A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it.6.0Nov 11, 2025
• CVE-2025-5452A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP applica...6.6Nov 11, 2025
• CVE-2025-6298ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configur...6.7Nov 11, 2025
• CVE-2025-5718The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsi...6.8Nov 11, 2025
• CVE-2025-5454An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the A...6.4Nov 11, 2025