CVE-2026-29042

CRITICAL 9.8 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 22:06 (vuln.today)
PoC Detected: Mar 10, 2026 - 19:32 (vuln.today). Public exploit code
Patch Released: Mar 10, 2026 - 19:32 (nvd). Patch available
CVE Published: Mar 06, 2026 - 07:16 (nvd)

Description

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into shell commands without any validation or sanitization. This issue has been patched in version 1.15.20.

Analysis

Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.

Remediation

Within 24 hours: Identify all systems running Nuclio versions prior to 1.15.20 and isolate them from production networks if patching cannot be completed immediately. Within 7 days: Apply vendor patch to upgrade all affected Nuclio instances to version 1.15.20 or later, with testing in non-production environments first. …

Priority Score

70
KEV: 0
EPSS: +0.7
CVSS: +49
POC: +20

CVE-2026-29042 vulnerability details – vuln.today