Sangfor — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting Sangfor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sangfor develops cybersecurity solutions including cloud, network, and endpoint security platforms. Historically, their products have faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting, and privilege escalation. The company has recorded 18 CVEs, with several critical flaws allowing unauthorized system access. Notable incidents include authentication bypass vulnerabilities in their NGAF and endpoint protection products that could enable complete compromise. While Sangfor continues to address security issues, their historical vulnerability patterns highlight risks in web management interfaces and authentication mechanisms that require ongoing patch management and hardening.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1414 | Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection | Operation and Maintenance Security Management System | CWE-77 | 6.3 | Medium | 2026-01-26 |
| CVE-2026-1413 | Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection | Operation and Maintenance Security Management System | CWE-77 | 6.3 | Medium | 2026-01-26 |
| CVE-2026-1412 | Sangfor Operation and Maintenance Security Management System HTTP POST Request get_clip_img command injection | Operation and Maintenance Security Management System | CWE-77 | 7.3 | High | 2026-01-26 |
| CVE-2026-1325 | Sangfor Operation and Maintenance Security Management System edit_pwd_mall password recovery | Operation and Maintenance Security Management System | CWE-640 | 5.3 | Medium | 2026-01-22 |
| CVE-2026-1324 | Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection | Operation and Maintenance Management System | CWE-78 | 8.8 | High | 2026-01-22 |
| CVE-2025-15503 | Sangfor Operation and Maintenance Management System common.jsp unrestricted upload | Operation and Maintenance Management System | CWE-434 | 7.3 | High | 2026-01-10 |
| CVE-2025-15502 | Sangfor Operation and Maintenance Management System session SessionController os command injection | Operation and Maintenance Management System | CWE-78 | 7.3 | High | 2026-01-10 |
| CVE-2025-15501 | Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection | Operation and Maintenance Management System | CWE-78 | 9.8 | Critical | 2026-01-09 |
| CVE-2025-15500 | Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection | Operation and Maintenance Management System | CWE-78 | 9.8 | Critical | 2026-01-09 |
| CVE-2025-15499 | Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection | Operation and Maintenance Management System | CWE-78 | 8.8 | High | 2026-01-09 |
| CVE-2025-12916 | Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection | Operation and Maintenance Security Management System | CWE-77 | 6.3 | Medium | 2025-11-08 |
| CVE-2025-52923 | Sangfor aTrust security vulnerability | aTrust | CWE-732 | 4.3 | Medium | 2025-06-22 |
| CVE-2025-5129 | Sangfor Zero Trust Access Control System aTrust MSASN1.dll uncontrolled search path | Zero Trust Access Control System aTrust | CWE-427 | 7.0 | High | 2025-05-24 |
| CVE-2023-30806 | Sangfor Next-Gen Application Firewall PHPSESSID Command Injection | Net-Gen Application Firewall | CWE-78 | 9.8 | Critical | 2023-10-10 |
| CVE-2023-30805 | Sangfor Next-Gen Application Firewall Login Un Param Command Injection | Net-Gen Application Firewall | CWE-78 | 9.8 | Critical | 2023-10-10 |
| CVE-2023-30804 | Sangfor Next-Gen Application Firewall Authenticated File Disclosure | Net-Gen Application Firewall | CWE-200 | 4.9 | Medium | 2023-10-10 |
| CVE-2023-30803 | Sangfor Next-Gen Application Firewall Authentication Bypass | Net-Gen Application Firewall | CWE-290 | 9.8 | Critical | 2023-10-10 |
| CVE-2023-30802 | Sangfor Next-Gen Application Firewall Source Code Disclosure | Net-Gen Application Firewall | CWE-540 | 5.3 | Medium | 2023-10-10 |

This page lists every published CVE security advisory associated with Sangfor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.