CNNVD-202602-1450 Information

CNNVD ID

CNNVD-202602-1450

CVE-2026-26009

  • CNNVD Published: 2026-02-10

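Description (Chinese, translated)

Catalyst is a web application framework by the individual developer karutoil. Catalyst has an operating system command injection vulnerability, which stems from install scripts defined in server templates being executed directly on the host operating system with root privileges, and may allow users with template creation or update permissions to achieve remote code execution.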

Description (English)

Catalyst is a web application framework by the individual developer karutoil. Catalyst has an operating system command injection vulnerability: install scripts defined in server templates are executed directly on the host operating system with root privileges, which may allow users with template creation or update permissions to achieve remote code execution.

Vulnerability Type

Operating system command injection

Affected Vendor

Individual developer

Published

2026-02-10

Last Modified

2026-02-24

References

  • https://github.com/karutoil/catalyst/commit/11980aaf3f46315b02777f325ba02c56b110165d
  • https://github.com/karutoil/catalyst/security/advisories/GHSA-xv5r-cpcw-8wr3
  • https://access.redhat.com/security/cve/cve-2026-26009

Patch

http://www.catalystframework.org/
