Pending AI Enrichment

This vulnerability was recently detected via the live feed and has not yet been processed by Precogs AI's context enrichment engine. The data below represents raw telemetric data.

RAW NVD TELEMETRY

CVE-2026-39866

CVSS Base Score
8.8 HIGH
Primary Weakness
CWE-77
Published Date
Apr 21, 2026
Data Source
NVD API

Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue.

Related Vulnerabilitiesvia CWE-77

CVE-2026-44997.3 HIGH

A vulnerability was determined in D-Link DIR-820LW 2.

CWE-77CWE-78
CVE-2026-44977.3 HIGH

A vulnerability was determined in Totolink WA300 5.

CWE-77CWE-78
CVE-2026-44965.3 MEDIUM

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880.

CWE-77CWE-78
CVE-2025-156070 UNKNOWN

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands.

CWE-77
CVE-2026-44684.7 MEDIUM

A vulnerability was determined in Comfast CF-AC100 2.

CWE-74CWE-77
CVE-2026-44674.7 MEDIUM

A vulnerability was found in Comfast CF-AC100 2.

CWE-74CWE-77

Is your system affected?

Precogs AI detects CVE-2026-39866 in compiled binaries, LLMs, and application layers — even without source code access.

Request Deep AnalysisBook a demo