Suspicious
Monthly
Remote unauthenticated code execution in Thales CERT's "Suspicious" email-analysis application (versions 1.3.4 and earlier), dubbed "Matryoshka Mail," lets an attacker abuse path traversal in attachment handling to overwrite writable application files-Python modules, configuration, cron inputs, and runtime artifacts-yielding root-level execution inside the Django container. Because the affected code runs Python and processes attacker-supplied mail, overwriting an imported module effectively converts arbitrary file write into RCE, plus persistent denial of service and possible exposure of application secrets and integrations. No public exploit identified at time of analysis and the issue is not in CISA KEV, but it carries a CVSS 4.0 base score of 9.2 and vendor-credited discovery by Lucien Doustaly (wlayzz).
Remote unauthenticated code execution in Thales CERT's "Suspicious" email-analysis application (versions 1.3.4 and earlier), dubbed "Matryoshka Mail," lets an attacker abuse path traversal in attachment handling to overwrite writable application files-Python modules, configuration, cron inputs, and runtime artifacts-yielding root-level execution inside the Django container. Because the affected code runs Python and processes attacker-supplied mail, overwriting an imported module effectively converts arbitrary file write into RCE, plus persistent denial of service and possible exposure of application secrets and integrations. No public exploit identified at time of analysis and the issue is not in CISA KEV, but it carries a CVSS 4.0 base score of 9.2 and vendor-credited discovery by Lucien Doustaly (wlayzz).