SB2026011945 - Anolis OS update for httpd
Published: January 19, 2026
Security Bulletin ID
SB2026011945
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CVE-ID: CVE-2025-58098)
The vulnerability allows a remote attacker to execute arbitrary commands.
The vulnerability exists due to insufficient input validation with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi). The web server passes the shell-escaped query string to #exec cmd="..." directives. A remote attacker can send a specially crafted HTTP request to the server and potentially execute arbitrary code.
Remediation
Install update from vendor's website.