Vulnerability Analysis
H3C SecPath F1000-C8300 g=log_fw_nbc_mail_jsondata sql injection
CVE-2026-15907
A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=log_fw_nbc_mail_jsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.
Injection
No Active Exploit Signals
CVSS Base Score
6.9
MEDIUM
Exploitability:-
Impact Score:-
Temporal Score:-
EPSS:0.25%
Threat Intelligence Signals
CISA KEV
No
KEV Date Added
—
Ransomware Use
—
KEV Due Date
—
VulnCheck In-the-Wild
No
Nuclei Template
No
EPSS Score
0.254%
EPSS Percentile
16.8th pct
GHSA ID
GitHub Severity
MODERATE
SSVC Exploitation
Proof of Concept
SSVC Automatable
Yes
Vulnerability Class
Injection
Identity & Timeline
| Status | - |
| Assigning Authority | - |
| CVSS Version / Source | - |
| Reserved | - |
| Published | - |
| Patch Date (date_public) | - |
| Exploit DB Date | - |
| First GitHub PoC Date | - |
| Last Updated | - |
| Time to Patch (Days to fix) | - |
| Exploit Release Gap | - |
| PoC Release Gap | - |
| Exploit DB References | None identified |
Affected Products & Versions
| Vendor | Product | Affected Versions |
|---|---|---|
| No affected products specified. | ||
Social Buzz