CVE-2026-24788

8.8 HIGH

📋 TL;DR

CVE-2026-24788 is an OS command injection vulnerability in RaspAP raspap-webgui that allows authenticated users to execute arbitrary commands on the underlying operating system. This affects all systems running RaspAP versions before 3.3.6. Attackers with valid credentials can gain full control of affected devices.

💻 Affected Systems

Products:
  • RaspAP raspap-webgui
Versions: All versions prior to 3.3.6
Operating Systems: Raspberry Pi OS, Debian-based Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations where RaspAP is configured as a wireless access point or network management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attacker to install persistent backdoors, pivot to other network devices, exfiltrate sensitive data, or use the device for botnet activities.

🟠 Likely Case

Local privilege escalation leading to full control of the Raspberry Pi device, potentially compromising the entire network segment if the device has privileged access.

🟢 If Mitigated

Limited impact if strong authentication controls, network segmentation, and least privilege principles are properly implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires valid authentication credentials but command injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.6

Vendor Advisory: https://github.com/RaspAP/raspap-webgui/releases

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update using: sudo apt update && sudo apt upgrade raspap-webgui
3. If using a manual installation: git pull from the repository and follow the update instructions.
4. Restart the web service: sudo systemctl restart raspap-webgui

🔧 Temporary Workarounds

Disable RaspAP Web Interface

linux

Temporarily disable the web interface while maintaining underlying network functionality

sudo systemctl stop raspap-webgui
sudo systemctl disable raspap-webgui

Restrict Access with Firewall

linux

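Limit access to the RaspAP web interface to trusted IP addresses only. These allow rules restrict access only when ufw's default incoming policy is deny, and 192.168.1.0/24 should be replaced with your own trusted subnet.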

sudo ufw allow from 192.168.1.0/24 to any port 80
sudo ufw allow from 192.168.1.0/24 to any port 443

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from critical systems
  • Enforce strong authentication policies and consider implementing multi-factor authentication

🔍 How to Verify

Check if Vulnerable:

Check the RaspAP version with cat /etc/raspap/version or on the web interface's About page. If the version is below 3.3.6, the system is vulnerable.

Check Version:

cat /etc/raspap/version 2>/dev/null || grep 'version' /var/www/html/includes/config.php

Verify Fix Applied:

Verify that the version is 3.3.6 or higher using the same commands, and test that the web interface still works.
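
The version check above can be scripted for a fleet audit. This is an added example, not RaspAP's own tooling: it compares version fields numerically so that 3.3.10 is not misread as older than 3.3.6. The function names and the --check switch are assumptions; the file path and the 3.3.6 threshold come from this page.

```shell
#!/bin/sh
# Added example: classify a RaspAP version string against the fixed release.
FIXED_VERSION="3.3.6"   # patch version stated in the advisory

# Keep the first line, drop a leading "v" and any non-numeric suffix
# (suffixes such as "-beta" are ignored, not ranked).
normalize_version() {
    printf '%s\n' "$1" | head -n 1 |
        sed -e 's/^[[:space:]]*[vV]\{0,1\}//' -e 's/[^0-9.].*$//'
}

# Print "patched", "vulnerable" or "unknown" for a version string.
raspap_status() {
    ver=$(normalize_version "$1")
    case "$ver" in
        ''|.*|*.|*..*) echo unknown; return 0 ;;   # empty or malformed
    esac
    # Compare dotted fields as integers; missing fields count as 0.
    awk -v have="$ver" -v need="$FIXED_VERSION" 'BEGIN {
        n = split(have, h, "."); m = split(need, f, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            x = (i <= n) ? h[i] + 0 : 0
            y = (i <= m) ? f[i] + 0 : 0
            if (x < y) { print "vulnerable"; exit }
            if (x > y) { print "patched"; exit }
        }
        print "patched"
    }'
}

# Read the version file named on this page (or one passed as an argument).
check_installed() {
    file=${1:-/etc/raspap/version}
    if [ -r "$file" ]; then
        raspap_status "$(cat "$file")"
    else
        echo unknown   # file missing: fall back to the About page
    fi
}

# Run the check only when invoked as: sh script.sh --check [version-file]
if [ "${1:-}" = "--check" ]; then
    echo "RaspAP: $(check_installed "${2:-}")"
fi
```

An "unknown" result means the version could not be read from the file and should be confirmed on the About page.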

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in web server logs
  • Multiple failed login attempts followed by successful login and command execution
  • Suspicious processes spawned from web server user

Network Indicators:

  • Unusual outbound connections from Raspberry Pi devices
  • Traffic patterns indicating command and control communication
  • Port scanning originating from affected devices

SIEM Query:

source="raspap-webgui" AND (process_execution OR command_injection OR suspicious_user_agent)
