CVE/reported/CVE-2026-45152.md
2026-05-12 18:30:04 +05:30
CVE-2026-45152 — uniget Command Injection via Unsafe tool.Check Execution

CVE-2026-45152 has been officially published by GitHub Security Advisories.

Overview

A command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without validation or sanitization, an attacker can craft malicious metadata that executes arbitrary shell commands on the victim's system.

CVE ID: CVE-2026-45152

Affected Version: uniget CLI ≤ 0.27.0

Fixed In: uniget CLI 0.27.1

Severity: High

CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command)


Description

The vulnerability exists in the RunVersionCheck() function, where uniget executes the tool.Check field using /bin/bash -c.

Because metadata files are parsed directly into the Tool structure using json.Unmarshal(), attacker-controlled input can reach the shell execution sink without validation.

The following vulnerable pattern was identified in RunVersionCheck():

// tool.Check comes straight from json.Unmarshal() of the metadata file; bash parses it as a script,
// so any shell metacharacter in the field turns into additional commands.
cmd := exec.Command("/bin/bash", "-c", tool.Check+" | tr -d '\n'")

Since /bin/bash -c interprets shell metacharacters such as ;, &&, |, $(), and backticks, arbitrary shell commands may be injected and executed.


Impact

An attacker who can get a victim to process malicious metadata may be able to:

  • Execute arbitrary shell commands
  • Exfiltrate sensitive files or environment variables
  • Install malware or backdoors
  • Modify or delete accessible files
  • Establish persistence on the victim machine
  • Compromise CI/CD environments using uniget automation

Commands execute with the privileges of the user running uniget.


Preconditions

  • The victim must process attacker-controlled metadata files.
  • The vulnerable uniget version must invoke the tool.Check field through /bin/bash -c.
  • The attacker must be able to supply malicious metadata containing shell metacharacters.

Workarounds

  • Avoid using /bin/bash -c with untrusted input.
  • Sanitize or strictly validate metadata fields before execution.
  • Execute fixed binaries and arguments directly without invoking a shell.
  • Run uniget in isolated or low-privilege environments when processing untrusted metadata.
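The hardened form that the Description and the Workarounds above both point to, written out as an added example: it is not uniget's code and not part of the advisory. The Tool struct, the JSON key "check", the allowlisted character set and the function names ParseCheck, RunVersionCheckSafe and StripNewlines are all assumptions made for this illustration. The metadata is still parsed with json.Unmarshal() as the advisory describes, but the check value is validated into a fixed argv and executed with exec.Command() directly, so a value such as "go version; echo injected" is a validation error rather than a second command, and the "| tr -d '\n'" stage is done in Go instead of through a shell pipe.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os/exec"
	"strings"
	"unicode"
)

// Tool carries the one metadata field this advisory is about. The real uniget
// Tool struct has more fields; the JSON key "check" is an assumption.
type Tool struct {
	Name  string `json:"name"`
	Check string `json:"check"`
}

// ErrUnsafeCheck is returned for any check value that is not a plain argv.
var ErrUnsafeCheck = errors.New("check field is not a plain argv (shell metacharacters or path in program name)")

// LoadTool parses metadata the way the advisory describes: json.Unmarshal into
// the Tool structure. Parsing is not the bug; handing Check to bash -c is.
func LoadTool(metadata []byte) (Tool, error) {
	var t Tool
	if err := json.Unmarshal(metadata, &t); err != nil {
		return Tool{}, err
	}
	return t, nil
}

// isSafeRune allows letters, digits and the punctuation that ordinary version
// checks need ("go version", "kubectl version --client", "--format=v1.2").
// Everything a shell would interpret (; & | $ ` ( ) < > quotes, backslashes,
// newlines) is outside this set, so it never reaches exec.
func isSafeRune(r rune) bool {
	return unicode.IsLetter(r) || unicode.IsDigit(r) || strings.ContainsRune("-_=.,:+/", r)
}

// ParseCheck splits Check on whitespace into argv and rejects anything that is
// not a plain program name followed by plain arguments. No shell is involved,
// so "a; b" is a validation error rather than two commands.
func ParseCheck(check string) ([]string, error) {
	argv := strings.Fields(check)
	if len(argv) == 0 {
		return nil, ErrUnsafeCheck
	}
	for _, a := range argv {
		for _, r := range a {
			if !isSafeRune(r) {
				return nil, ErrUnsafeCheck
			}
		}
	}
	// argv[0] must be a bare name resolved through PATH, not a path chosen by
	// the metadata author; '/' stays allowed in later arguments (file paths).
	if strings.Contains(argv[0], "/") {
		return nil, ErrUnsafeCheck
	}
	return argv, nil
}

// StripNewlines replaces the "| tr -d '\n'" part of the vulnerable pattern.
func StripNewlines(s string) string {
	return strings.ReplaceAll(s, "\n", "")
}

// RunVersionCheckSafe is the hardened counterpart of
//   exec.Command("/bin/bash", "-c", tool.Check+" | tr -d '\n'")
// It validates Check, execs the program directly with a fixed argv, and does
// the newline stripping in Go.
func RunVersionCheckSafe(tool Tool) (string, error) {
	argv, err := ParseCheck(tool.Check)
	if err != nil {
		return "", fmt.Errorf("tool %q: %w", tool.Name, err)
	}
	out, err := exec.Command(argv[0], argv[1:]...).Output()
	if err != nil {
		return "", fmt.Errorf("tool %q: check failed: %w", tool.Name, err)
	}
	return StripNewlines(string(out)), nil
}

func main() {
	// Constructed sample metadata, not real uniget files: a benign check and one
	// carrying a ';' of the kind the advisory lists. Only parsing and validation
	// are shown here; nothing is executed.
	samples := []string{
		`{"name": "go", "check": "go version"}`,
		`{"name": "bad", "check": "go version; echo injected"}`,
	}
	for _, s := range samples {
		t, err := LoadTool([]byte(s))
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		argv, err := ParseCheck(t.Check)
		fmt.Printf("%-4s check=%q -> argv=%q err=%v\n", t.Name, t.Check, argv, err)
	}
}
```

The allowlist is deliberately narrow: rejecting every character outside a small set is easier to reason about than enumerating the metacharacters bash understands, and a version check that genuinely needs quoting or piping is better expressed as a structured field (program plus argument list) in the metadata than as a string handed to a shell.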

References


Discoverer

Stalin S (@0x5t4l1n)