Back to CVE List

CVE-2026-10042

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize attacker-controlled HTTP request bodies using pickle.loads(). A remote attacker can supply a crafted pickle payload to these endpoints to execute arbitrary code in the server process, resulting in full container compromise when running in the default Docker deployment as root.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-502
Source
NVD
Vendor
zyddnys
Product
manga-image-translator

External References

Discussion (0)

Add Comment

No comments yet. Be the first!