Zero Day MonitorZDM

← Back to list

EST

PRE-CVE

apache · hertzbeat

Apache HertzBeat 1.8.0 Remote Code Execution via Script Command Injection

60% confidence

Description

Apache HertzBeat 1.8.0 allows authenticated users to execute arbitrary OS commands via the scriptCommand parameter in monitoring templates. The vulnerability exists in ScriptCollectImpl.collect() when processing script protocol definitions, where unsanitized user input is passed to ProcessBuilder (bash -c) for execution. Attackers can overwrite monitoring templates via PUT /api/apps/define/yml and trigger execution through active monitoring instances or by creating new ones.

Affected Products

Vendor	Product	Versions
apache	hertzbeat	1.8.0

Related News (1 articles)

Tier C

Exploit-DB14h ago

[webapps] Apache HertzBeat 1.8.0 - Remote Code Execution

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-78

PublishedMay 14, 2026

Last enriched1h ago

Trending Score29

Source articles1

Independent1

Info Completeness7/14

Missing: cve_id, cvss, epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-29146

Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

CRITICALCVE-2026-41293EXP

Apache Tomcat: HTTP/2 request headers not validated

CRITICALCVE-2026-43515EXP

Apache Tomcat: Security constraints not correctly applied

NONECVE-2026-41284EXP

Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

NONECVE-2026-42498EXP

Apache Tomcat: WebSocket authentication header exposure

Pin to Dashboard

Verification

State: reported

Confidence: 60%

Vulnerability Timeline

CVE Published

May 14, 2026

Exploit Available

May 14, 2026

Discovered by ZDM

May 14, 2026