CNNVD-202602-1730 Information

CNNVD ID

CNNVD-202602-1730

Related CVE

CVE-2026-26215

• CNNVD Published: 2026-02-11

Description (Chinese)

Manga/Image Translator是zyddnys个人开发者的一个图片内文字翻译工具。 Manga/Image Translator beta-0.3及之前版本存在代码问题漏洞，该漏洞源于FastAPI端点使用pickle.loads反序列化攻击者控制的请求体时未经验证，可能导致未经验证的远程代码执行。

Description (English)

Manga/Image Translator is a photo translation tool for zyddnys personal developers. Manga/Image Translator Beta-0.3 and earlier versions had a code problem loophole, which originated from the unverified use of the FastAPI endpoint of a pickle.loads anti-sequenced assailant-controlled requesting body, which could lead to unverified remote code execution.

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-02-11

Last Modified

2026-02-24

References

https://chocapikk.com/posts/2026/manga-image-translator-pickle-rce/ https://github.com/zyddnys/manga-image-translator/blob/a537cb12b41daf2065795058c2753d87e73fa0fe/manga_translator/mode/share.py#L112 https://github.com/zyddnys/manga-image-translator/blob/a537cb12b41daf2065795058c2753d87e73fa0fe/manga_translator/mode/share.py#L130 https://github.com/zyddnys/manga-image-translator/issues/1116 https://github.com/zyddnys/manga-image-translator/issues/946 https://www.vulncheck.com/advisories/manga-image-translator-shared-api-unsafe-deserialization-rce