Control-M CVE-2026-10539: Unauthenticated Remote Command Injection (CVSS 9.5) Vulnerability Report Control-M CVE-2026-10539: Unauthenticated Remote Command Injection (CVSS 9.5) Do Son July 7, 2026 0 TL;DR BMC disclosed a critical flaw in Control-M/Server tracked as CVE-2026-10539. The Control-M command injection bug scores... Read More Read more about Control-M CVE-2026-10539: Unauthenticated Remote Command Injection (CVSS 9.5)