Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file through the plugins parameter, causing the Arelle webserver to download and execute the attacker-controlled code within the Arelle process with its privileges.
AnalysisAI
Remote code execution in Arelle webserver (versions prior to 2.39.10) allows unauthenticated attackers to execute arbitrary Python code by submitting malicious plugin URLs to the /rest/configure endpoint. The vulnerability stems from the webserver's plugin manager accepting and executing external Python files without authentication or URL validation. A patch is available in version 2.39.10 (GitHub PR #2320). CVSS 9.8 with network vector, no privileges required, and EPSS data not provided. No CISA KEV listing or confirmed active exploitation at time of analysis.
Technical ContextAI
Arelle is an open-source platform for XBRL (eXtensible Business Reporting Language) processing, commonly used for financial reporting validation and analysis. The vulnerability exists in Arelle's built-in REST API webserver component, specifically the /rest/configure endpoint that interfaces with the plugin management system. According to CWE-306 (Missing Authentication for Critical Function), the endpoint fails to implement authentication or authorization checks before processing the plugins query parameter. When an attacker-supplied URL is provided, the plugin manager uses Python's native capabilities to fetch and execute the remote .py file within the Arelle process context, inheriting all privileges of the running webserver instance. The affected CPE indicates this impacts the core Arelle application (cpe:2.3:a:arelle:arelle) across all versions before 2.39.10. GitHub PR #2320 titled 'Restrict Webserver Plugins' implemented the fix by adding authentication requirements and validating plugin sources before execution.
RemediationAI
Upgrade to Arelle version 2.39.10 or later, which implements authentication and plugin source restrictions per GitHub PR #2320 (https://github.com/Arelle/Arelle/pull/2320). Download the patched release from https://github.com/Arelle/Arelle/releases/tag/2.39.10. For environments unable to immediately upgrade, implement network-level access controls to restrict the /rest/configure endpoint to trusted IP ranges only - use firewall rules or reverse proxy ACLs to block external access to all /rest/* paths. Note this workaround prevents legitimate remote REST API usage and may break automation workflows. Alternatively, disable the Arelle webserver component entirely and migrate to CLI-based processing if REST API functionality is not business-critical. Monitor webserver logs for suspicious POST/GET requests to /rest/configure with plugins parameters, particularly URLs pointing to external domains or IP addresses. Review existing plugin configurations to ensure no unauthorized plugins were installed prior to patching.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27079