Security Advisories
This page lists security advisories for Bondix products.
Security advisories are published here to inform users about vulnerabilities that may affect supported Bondix releases, available fixes, and recommended actions.
Users are advised to keep Bondix installations up to date and to review the release notes regularly.
Advisories
CVE-2026-12104 — Authenticated OS Command Injection in Bondix
Status: Reserved / Pending publication
Severity: High
Affected product: Bondix Server
Affected platform: Linux
Affected versions: Up to and including 1.25.7.5
Fixed version: 1.25.7.6
CWE: CWE-78 — OS Command Injection
CVSS v4.0: 8.6 High
An authenticated OS command injection vulnerability was identified in the environment and tunnel configuration functionality of Bondix Server on Linux.
An authenticated attacker with configuration write access could potentially execute arbitrary operating-system commands by submitting crafted configuration values that are processed by server-side scripts.
The issue has been fixed in Bondix Server version 1.25.7.6.
Recommended action: Upgrade to Bondix Server version 1.25.7.6 or later.
CVSS vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/RE:L/U:Amber
General Security Recommendations
- Keep Bondix installations updated to the latest available version.
- Restrict administrative and configuration write access to trusted users only.
- Review release notes for security-relevant changes.
- Contact SIMA GmbH support if you suspect that a system may be affected.
Reporting Security Issues
If you believe you have found a security vulnerability in Bondix, please contact SIMA GmbH through the official support channels.
Please include a clear description of the issue, affected versions, reproduction steps if available, and any relevant logs or configuration details.
Revision History
- 2026-06-18: Initial version of the security advisories page.