0x5t4l1n/CVE
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/CVE.git synced 2026-05-26 19:26:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2026-48098.md

Browse Source
This commit is contained in:
Stalin
2026-05-21 12:17:26 +05:30
committed by GitHub
parent 01cdb7ecea
commit 0f779f783f
1 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
patches/CVE-2026-48098.md
+34
View File
@@ -0,0 +1,34 @@
![CVE](https://img.shields.io/badge/CVE-2026--48098-red)
# CVE-2026-48098 — Unsafe Use of sudo and shell=True in NexTOR IP Changer
**Severity:** High
**CWE:** CWE-78, CWE-250
## Summary
NexTOR IP Changer executes privileged system commands using `sudo` and `shell=True` directly inside application logic. In environments where passwordless sudo (`NOPASSWD`) is enabled, privileged commands may execute silently without explicit user confirmation.
## Impact
* Privileged command execution
* Potential command injection risks
* Unauthorized system-level modifications
* Elevated impact in misconfigured sudo environments
## Affected
1.0.0-1
## Fixed
v2.0.0
## References
* https://github.com/advisories/GHSA-fpxg-q9p5-5wvm
* https://github.com/0x5t4l1n/NexTOR_IP_CHANGER/releases/tag/v2.0.0
## Credits
Remediation Developer: 0x5t4l1n