A vulnerability categorized as critical has been discovered in Shibby Tomato 1.28.0000 . Impacted is the function rstats_path of the file /bin/rstats of the component Web UI . Executing a manipulation can lead to os command injection. This vulnerability is tracked as CVE-2026-10873 . The attack can be launched remotely. Moreover, an exploit is present. This project is superseded by FreshTomato.