![CVE](https://img.shields.io/badge/CVE-2026--48097-red)

# CVE-2026-48097 — PATH Injection Leading to Arbitrary Command Execution in NexTOR IP Changer

**Severity:** High
**CWE:** CWE-78, CWE-476

## Summary

A command execution vulnerability exists in NexTOR IP Changer due to unsafe use of `shell=True` with commands that rely on executable resolution through the `PATH` environment variable. An attacker controlling the execution environment can place malicious executables such as `sudo` earlier in the `PATH`, resulting in execution of attacker-controlled code.

## Impact

* Arbitrary command execution
* Execution of attacker-controlled binaries
* Potential privilege escalation
* Full compromise of local system integrity and availability

## Affected

1.0.0-1

## Fixed

v2.0.0

## References

* https://github.com/advisories/GHSA-vx6r-vwjq-567w
* https://github.com/0x5t4l1n/NexTOR_IP_CHANGER/releases/tag/v2.0.0

## Credits
Remediation Developer: 0x5t4l1n