MajorDoMo carries an unauthenticated OS command injection vulnerability (CVE-2026-27175, CVSS 9.8), listed in the CISA KEV catalog, in its rc/index.php endpoint. It is exploitable through a timing-based race condition with the cycle_execs.php execution worker, and neither endpoint requires credentials. Because CISA has confirmed in-the-wild exploitation, any internet-facing deployment should be treated as actively compromised. Immediate actions are network isolation or takedown of all MajorDoMo instances, perimeter blocking of the two vulnerable endpoints, and patching from the official repository once a verified clean release is confirmed.
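
To scope exposure while instances are being isolated, the following added example (not MajorDoMo or CISA code) triages web access logs for external requests to the two endpoints. The combined log format, the internal address ranges, the 60-second pairing window and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

ENDPOINTS = ("rc/index.php", "cycle_execs.php")  # the two paths named above
# Assumptions: combined access-log format; these ranges count as internal.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SAMPLE = [  # constructed log lines, not real traffic
    '203.0.113.7 - - [10/Mar/2026:09:15:01 +0000] "GET /rc/index.php?constructed=1 HTTP/1.1" 200 12',
    '203.0.113.7 - - [10/Mar/2026:09:15:03 +0000] "GET /cycle_execs.php HTTP/1.1" 200 0',
    '192.168.1.20 - - [10/Mar/2026:09:16:00 +0000] "GET /rc/index.php HTTP/1.1" 200 12',
    '198.51.100.9 - - [10/Mar/2026:09:20:00 +0000] "GET /admin.php HTTP/1.1" 200 900',
    '198.51.100.4 - - [10/Mar/2026:11:00:00 +0000] "GET /cycle_execs.php HTTP/1.1" 404 0',
]


def endpoint_of(target):
    """Map a request target to one of ENDPOINTS, ignoring prefix and query."""
    path = target.split("?", 1)[0].lstrip("/").lower()
    return next((e for e in ENDPOINTS
                 if path == e or path.endswith("/" + e)), None)


def is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable client field: keep it for review
    return any(addr in net for net in INTERNAL)


def triage(lines, window=timedelta(seconds=60)):  # window is an assumption
    """Per external client: sorted hits, and whether both endpoints were hit within window."""
    report = defaultdict(lambda: {"hits": [], "paired": False})
    for line in lines:
        m = LINE.match(line)
        ep = endpoint_of(m.group(3)) if m else None
        if ep is None or is_internal(m.group(1)):
            continue
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        report[m.group(1)]["hits"].append((when, ep, int(m.group(4))))
    for entry in report.values():
        hits = entry["hits"] = sorted(entry["hits"])
        entry["paired"] = any(a[1] != b[1] and b[0] - a[0] <= window
                              for i, a in enumerate(hits) for b in hits[i + 1:])
    return dict(report)
```

A `paired` result is a lead for host forensics, not confirmation of exploitation. Behind a reverse proxy, take the client address from the proxy's forwarded-for field instead of the first log column.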