CNNVD-202601-4856 Information

CNNVD ID

CNNVD-202601-4856

CVE-2026-24905

  • CNNVD Published: 2026-01-29

Description (Chinese)

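Inspektor Gadget is a set of eBPF-based tools and a framework from Inspektor Gadget. Versions of Inspektor Gadget before 0.48.1 contain an operating system command injection vulnerability, which stems from improper embedding of user-controlled data during the build process and may lead to command injection.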

Description (English)

Inspektor Gadget is an eBPF-based tool set and framework from Inspektor Gadget. Inspektor Gadget versions prior to 0.48.1 have an OS command injection vulnerability caused by user-controlled data being improperly embedded during the build process, which could lead to command injection.

Hazard Level

High

Vulnerability Type

OS Command Injection

Affected Vendor

Inspektor Gadget

Published

2026-01-29

Last Modified

2026-02-24

References

https://github.com/inspektor-gadget/inspektor-gadget/commit/7c83ad84ff7a68565655253e2cf1c5d2da695c1a

https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-79qw-g77v-2vfh

Patch

https://github.com/inspektor-gadget/inspektor-gadget/releases
