CVE-2026-26068
🔴 Łataj teraz
Wstrzyknięcie poleceń w emp3r0r umożliwia zdalne wykonanie kodu na hoście operatora.
CVSS
9.9
EPSS
3.3%
Exploit
poc
Vendor
jm33-m0
Opis źródłowy (NVD)
emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code execution on the operator host. This vulnerability is fixed in 3.21.1.
exploit rce
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.9 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 3.3% |
| Opublikowano (NVD) | 2026-02-12 22:16:06 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-17 10:25:40 UTC |
Referencje
- https://github.com/jm33-m0/emp3r0r/commit/0cd64e4a26e7839a9a54bca3d756a665fcb7fda0 (security-advisories@github.com) [Patch]
- https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.1 (security-advisories@github.com) [Product, Release Notes]
- https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-h5p4-4xp4-vjpp (security-advisories@github.com) [Exploit, Vendor Advisory]