CVE-2026-48098 — Unsafe Use of sudo and shell=True in NexTOR IP Changer

Severity: High CWE: CWE-78, CWE-250

Summary

NexTOR IP Changer executes privileged system commands using sudo and shell=True directly inside application logic. In environments where passwordless sudo (NOPASSWD) is enabled, privileged commands may execute silently without explicit user confirmation.

Impact

Privileged command execution
Potential command injection risks
Unauthorized system-level modifications
Elevated impact in misconfigured sudo environments

Affected

1.0.0-1

Fixed

v2.0.0

References

https://github.com/advisories/GHSA-fpxg-q9p5-5wvm
https://github.com/0x5t4l1n/NexTOR_IP_CHANGER/releases/tag/v2.0.0

Credits

Remediation Developer: 0x5t4l1n

848 B Raw Blame History