0x5t4l1n/CVE
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/CVE.git synced 2026-05-26 11:25:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVE/patches/CVE-2026-48098.md
T
Stalin 0f779f783f Create CVE-2026-48098.md
2026-05-21 12:17:26 +05:30

848 B
Raw Permalink Blame History

CVE

CVE-2026-48098 — Unsafe Use of sudo and shell=True in NexTOR IP Changer

Severity: High CWE: CWE-78, CWE-250

Summary

NexTOR IP Changer executes privileged system commands using sudo and shell=True directly inside application logic. In environments where passwordless sudo (NOPASSWD) is enabled, privileged commands may execute silently without explicit user confirmation.

Impact

  • Privileged command execution
  • Potential command injection risks
  • Unauthorized system-level modifications
  • Elevated impact in misconfigured sudo environments

Affected

1.0.0-1

Fixed

v2.0.0

References

Credits

Remediation Developer: 0x5t4l1n

Reference in New Issue View Git Blame Copy Permalink