CNNVD-202601-2910 Information

CNNVD ID

CNNVD-202601-2910

Related CVE

CVE-2026-1063

• CNNVD Published: 2026-01-17

Description (Chinese)

Bastillion是bastillion-io开源的一个密钥管理工具。 Bastillion 4.0.1及之前版本存在命令注入漏洞，该漏洞源于对文件src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java中组件Public Key Management System的错误操作，可能导致命令注入攻击。

Description (English)

Bastillion is a key management tool for the bastillion-io open source. Bastillion 4.10 & previous versions contain a command-injecting loophole, which stems from the erroneous operation of the Public Key Management System component of document src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java, which may result in an order-injecting attack.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

bastillion-io

Published

2026-01-17

Last Modified

2026-02-24

References

https://vuldb.com/?id.341631 https://github.com/AnalogyC0de/public_exp/blob/main/archives/Bastillion/report1.md https://vuldb.com/?ctiid.341631 https://vuldb.com/?submit.731303 https://access.redhat.com/security/cve/cve-2026-1063