A vulnerability labeled as critical has been found in vertex-app vertex up to 2026.02.12 . This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint . Such manipulation of the argument req.query leads to os command injection. This vulnerability is documented as CVE-2026-11408 . The attack can be executed remotely. Additionally, an exploit exists. It is best practice to apply a patch to resolve this issue.