Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Sangfor — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting Sangfor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sangfor develops cybersecurity solutions including cloud, network, and endpoint security platforms. Historically, their products have faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting, and privilege escalation. The company has recorded 18 CVEs, with several critical flaws allowing unauthorized system access. Notable incidents include authentication bypass vulnerabilities in their NGAF and endpoint protection products that could enable complete compromise. While Sangfor continues to address security issues, their historical vulnerability patterns highlight risks in web management interfaces and authentication mechanisms that require ongoing patch management and hardening.

Top products by Sangfor: Operation and Maintenance Management System Net-Gen Application Firewall Operation and Maintenance Security Management System 零信任访问控制系统 aTrust aTrust
Critical2026-01-27
Sangfor OSM Remote Code Execution via FortEquipmentNodeController · Issue #24 · LX-LX88/cve
Critical2026-01-27
Sangfor OSM Remote Code Execution via SSH Protocol · Issue #20 · LX-LX88/cve
CriticalCVE-2024-Unknown2026-01-27
Sangfor OSM Unauthenticated Arbitrary Password Reset · Issue #21 · LX-LX88/cve
Critical2026-01-27
Sangfor OSM Remote Code Execution via IpOrPortController · Issue #23 · LX-LX88/cve
Critical2026-01-27
Sangfor OSM Command Injectiona in fort/audit/get_clip_img · Issue #22 · LX-LX88/cve
Critical2026-01-20
Command Injection via Filename in Sangfor Operation and Maintenance Management System (OSM) · Issue #10 · master-abc/cve
Critical2026-01-20
Command Injection via Filename in Sangfor Operation and Maintenance Management System (OSM) · Issue #10 · master-abc/cve
Critical2026-01-20
Unauthenticated Remote Command Execution (RCE) in Sangfor OSM via getHis Interface · Issue #11 · master-abc/cve
Critical2026-01-20
Unauthenticated Remote Command Execution (RCE) in Sangfor OSM via getHis Interface · Issue #11 · master-abc/cve
Critical2026-01-20
Unauthenticated Remote Command Execution (RCE) in Sangfor OSM via getCmd Interface · Issue #12 · master-abc/cve
Critical2026-01-20
Unauthenticated Remote Command Execution (RCE) in Sangfor OSM via getCmd Interface · Issue #12 · master-abc/cve
Critical2026-01-20
Unauthenticated Remote Command Execution (RCE) in Sangfor OSM via session Interface · Issue #14 · master-abc/cve
Critical2026-01-20
Unauthenticated Arbitrary File Upload (RCE) in Sangfor OSM via common.jsp · Issue #13 · master-abc/cve
Critical2026-01-20
Unauthenticated Arbitrary File Upload (RCE) in Sangfor OSM via common.jsp · Issue #13 · master-abc/cve
Critical2026-01-20
Unauthenticated Remote Command Execution (RCE) in Sangfor OSM via session Interface · Issue #14 · master-abc/cve

Showing up to 20 recent security advisories. View all →

This page lists every published CVE security advisory associated with Sangfor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.