Skip to main content

Docker EUVDEUVD-2026-19361

| CVE-2026-34977 CRITICAL
OS Command Injection (CWE-78)
2026-04-06 GitHub_M
9.3
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (GitHub_M) · only source for this CVE.

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 22, 2026 - 19:52 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:46 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
3.2.1
EUVD ID Assigned
Apr 06, 2026 - 16:45 euvd
EUVD-2026-19361
Analysis Generated
Apr 06, 2026 - 16:45 vuln.today
CVE Published
Apr 06, 2026 - 16:16 nvd
CRITICAL 9.3

DescriptionCVE.org

Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command, without any form of sanitization or validation. An unauthenticated attacker can achieve root-level RCE inside the worker container with a single HTTP request, enabling full read/write access to all user-uploaded images, analysis results, and plaintext steganography passwords stored on disk. Because the container shares a Docker network with PostgreSQL and Redis (no authentication on either), the attacker can pivot to dump the entire database or manipulate the job queue to poison results for other users. If Docker socket mounting or host volume mounts are present, this could escalate to full host compromise. This would also include defacement of the website itself. This vulnerability is fixed in 3.2.1.

AnalysisAI

Unauthenticated remote code execution (RCE) at root level in Aperi'Solve <3.2.1 allows attackers to execute arbitrary commands via unsanitized password input in JPEG upload functionality. Attack requires no authentication (PR:N) and low complexity (AC:L), with CVSS 9.3 critical severity. Publicly available exploit code exists via GitHub advisory. Attackers gain full container compromise with potential pivot to PostgreSQL/Redis databases and, in misconfigured deployments with Docker socket mounts, possible host system takeover. EPSS data not provided, but given unauthenticated network-based vector and public disclosure with fix details, exploitation risk is substantial for exposed instances.

Technical ContextAI

Aperi'Solve is a web-based steganography analysis platform (cpe:2.3:a:zeecka:aperisolve) that processes user-uploaded images. The vulnerability stems from CWE-78 (OS Command Injection) in the JPEG processing workflow. When users upload JPEG files with an optional password parameter for steganography extraction, the application passes this password directly into an 'expect' command construct, which is subsequently executed via 'bash -c' without input validation or sanitization. This creates a classic command injection vector where shell metacharacters in the password field are interpreted as commands. The worker container runs with root privileges and shares a Docker network with backend services (PostgreSQL database and Redis queue) that lack authentication, creating a lateral movement opportunity. The architecture demonstrates insufficient input validation at the application layer combined with excessive container privileges and inadequate network segmentation.

RemediationAI

Upgrade immediately to Aperi'Solve version 3.2.1 or later, released by the vendor to address this vulnerability (https://github.com/Zeecka/AperiSolve/releases/tag/3.2.1). The fix implemented in commit 0193ca4a7d8ae9d6ba6cde82d37a6f94953463b4 (https://github.com/Zeecka/AperiSolve/commit/0193ca4a7d8ae9d6ba6cde82d37a6f94953463b4) and merged via pull request #195 (https://github.com/Zeecka/AperiSolve/pull/195) introduces proper input sanitization for password parameters before shell command execution. For organizations unable to upgrade immediately, implement network-level access controls to restrict Aperi'Solve exposure to trusted networks only, though this is a temporary mitigation-the vulnerability remains exploitable by any user with access. Review container configurations to remove unnecessary Docker socket mounts, implement principle of least privilege for container runtime (avoid root), and add authentication to PostgreSQL and Redis services to limit lateral movement potential. After patching, conduct security review of uploaded content and database integrity, as prior exploitation may have occurred undetected.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Share

EUVD-2026-19361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy