From 837cb25d0d667a2367f3062aa3491b9dfbbdf12a Mon Sep 17 00:00:00 2001 From: Stalin <161853795+0x5t4l1n@users.noreply.github.com> Date: Thu, 21 May 2026 12:20:23 +0530 Subject: [PATCH] Create CVE-2026-48097.md --- patches/CVE-2026-48097.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 patches/CVE-2026-48097.md diff --git a/patches/CVE-2026-48097.md b/patches/CVE-2026-48097.md new file mode 100644 index 0000000..f12ef9e --- /dev/null +++ b/patches/CVE-2026-48097.md @@ -0,0 +1,33 @@ +![CVE](https://img.shields.io/badge/CVE-2026--48097-red) + +# CVE-2026-48097 — PATH Injection Leading to Arbitrary Command Execution in NexTOR IP Changer + +**Severity:** High +**CWE:** CWE-78, CWE-476 + +## Summary + +A command execution vulnerability exists in NexTOR IP Changer due to unsafe use of `shell=True` with commands that rely on executable resolution through the `PATH` environment variable. An attacker controlling the execution environment can place malicious executables such as `sudo` earlier in the `PATH`, resulting in execution of attacker-controlled code. + +## Impact + +* Arbitrary command execution +* Execution of attacker-controlled binaries +* Potential privilege escalation +* Full compromise of local system integrity and availability + +## Affected + +1.0.0-1 + +## Fixed + +v2.0.0 + +## References + +* https://github.com/advisories/GHSA-vx6r-vwjq-567w +* https://github.com/0x5t4l1n/NexTOR_IP_CHANGER/releases/tag/v2.0.0 + +## Credits +Remediation Developer: 0x5t4l1n
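Review bot: In the `**CWE:**` line of the new advisory, CWE-476 is NULL Pointer Dereference, which matches nothing the Summary describes. The root cause given there (executables such as `sudo` resolved through an attacker-influenced `PATH`) is an untrusted search path, so CWE-426 or CWE-427 alongside CWE-78 would fit the text better. The `## Affected` entry `1.0.0-1` is also ambiguous: it can be read as a single release or as a range, and it lacks the `v` prefix used in `v2.0.0`. Writing it as an explicit range (for example "all versions before v2.0.0", if that is what is meant) would let readers check their install. Finally, the advisory names the fixed version but not what changed. One sentence on the remediation, such as whether `shell=True` was removed or the commands now use absolute paths, would help users who cannot upgrade immediately.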