Topsec - Topacm - CRITICAL - CVE-2026-4170. An OS command injection vulnerability exists in the Topsec TopACM 3.0 product, specifically within the HTTP Request Handler component linked to the file /view/systemConfig/management/nmc_sync.php. By manipulating the 'template_path' argument, an attacker can execute arbitrary OS commands remotely. This severe security flaw enables unauthorized users to exploit the system, making proactive measures essential for affected users. Despite early disclosure attempts to the vendor, no response or remediation has been provided to address this critical issue. Immediate attention should be directed towards implementing security best practices to mitigate potential risks. BADGES: 👾 EXPLOITED | 🟡 PoC | SecurityVulnerability.io