A command injection vulnerability exists in Caldera 2.8.1 and earlier, which stems from multiple startup βrequirementsβ that execute commands when starting a server that commands can be changed via the REST API. An authenticated attacker could use this vulnerability to insert arbitrary commands and restart execution.