CNNVD-202601-2912 Information

CNNVD ID

CNNVD-202601-2912

Related CVE

CVE-2026-1064

• CNNVD Published: 2026-01-17

Description (Chinese)

Bastillion是bastillion-io开源的一个密钥管理工具。 Bastillion 4.0.1及之前版本存在命令注入漏洞，该漏洞源于对文件src/main/java/io/bastillion/manage/control/SystemKtrl.java中组件System Management Module的错误操作，可能导致命令注入攻击。

Description (English)

Bastillion is a key management tool for the bastillion-io open source. There is a gap in the commands in Bastillion 4.10 and earlier versions, which stems from the incorrect operation of the srsc/main/java/io/bastilion/manage/control/SystemKtrl.java component of the order, which could lead to an attack.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

bastillion-io

Published

2026-01-17

Last Modified

2026-02-24

References

https://github.com/AnalogyC0de/public_exp/blob/main/archives/Bastillion/report2.md https://vuldb.com/?submit.731308 https://vuldb.com/?ctiid.341632 https://vuldb.com/?id.341632 https://access.redhat.com/security/cve/cve-2026-1064