diff --git a/patches/CVE-2026-48098.md b/patches/CVE-2026-48098.md
new file mode 100644
index 0000000..9c6776b
--- /dev/null
+++ b/patches/CVE-2026-48098.md
@@ -0,0 +1,34 @@
+![CVE](https://img.shields.io/badge/CVE-2026--48098-red)
+
+# CVE-2026-48098 — Unsafe Use of sudo and shell=True in NexTOR IP Changer
+
+**Severity:** High
+**CWE:** CWE-78, CWE-250
+
+## Summary
+
+NexTOR IP Changer executes privileged system commands using `sudo` and `shell=True` directly inside application logic. In environments where passwordless sudo (`NOPASSWD`) is enabled, privileged commands may execute silently without explicit user confirmation.
+
+## Impact
+
+* Privileged command execution
+* Potential command injection risks
+* Unauthorized system-level modifications
+* Elevated impact in misconfigured sudo environments
+
+## Affected
+
+1.0.0-1
+
+## Fixed
+
+v2.0.0
+
+## References
+
+* https://github.com/advisories/GHSA-fpxg-q9p5-5wvm
+* https://github.com/0x5t4l1n/NexTOR_IP_CHANGER/releases/tag/v2.0.0
+
+## Credits
+
+Remediation Developer: 0x5t4l1n