What is the severity of CVE-2024-26290?

CVE-2024-26290 is considered a critical vulnerability due to the potential for remote code execution with root permissions.

How do I fix CVE-2024-26290?

To fix CVE-2024-26290, update Avid NEXIS E-series, F-series, PRO+, or System Director Appliance (SDA+) to the latest version beyond 2024.6.0.

What systems are affected by CVE-2024-26290?

CVE-2024-26290 affects Avid NEXIS E-series, F-series, PRO+, and System Director Appliance (SDA+) on Linux versions prior to 2024.6.0.

What type of vulnerability is CVE-2024-26290?

CVE-2024-26290 is classified as an Improper Input Validation vulnerability.

What are the consequences of CVE-2024-26290?

The consequences of CVE-2024-26290 include potential unauthorized code execution on the affected systems, which can compromise the operating system.

Vulnerability/
CVE-2024-26290

high

8.7

CWE

12/3/2025

CVE-2024-26290: Authenticated Remote Command Injection affecting Avid NEXIS

First published: Wed Mar 12 2025(Updated: )

Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS E-series: before 2024.6.0; Avid NEXIS F-series: before 2024.6.0; Avid NEXIS PRO+: before 2024.6.0; System Director Appliance (SDA+): before 2024.6.0.

Credit: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Affected Software	Affected Version	How to fix
Avid NEXIS E-series	<2024.6.0
Avid NEXIS F-series	<2024.6.0
Avid NEXIS PRO+	<2024.6.0
Avid System Director Appliance (SDA+)	<2024.6.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-26290?
CVE-2024-26290 is considered a critical vulnerability due to the potential for remote code execution with root permissions.
How do I fix CVE-2024-26290?
To fix CVE-2024-26290, update Avid NEXIS E-series, F-series, PRO+, or System Director Appliance (SDA+) to the latest version beyond 2024.6.0.
What systems are affected by CVE-2024-26290?
CVE-2024-26290 affects Avid NEXIS E-series, F-series, PRO+, and System Director Appliance (SDA+) on Linux versions prior to 2024.6.0.
What type of vulnerability is CVE-2024-26290?
CVE-2024-26290 is classified as an Improper Input Validation vulnerability.
What are the consequences of CVE-2024-26290?
The consequences of CVE-2024-26290 include potential unauthorized code execution on the affected systems, which can compromise the operating system.

collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/first-publish-date
agent/type
agent/references
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/last-modified-date
agent/source
agent/tags
agent/event
vendor/avid
canonical/avid nexis e-series
canonical/avid nexis f-series
canonical/avid nexis pro+
canonical/avid system director appliance (sda+)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.