Skip to main content

Suspicious

1 CVEs product

Monthly

CVE-2026-13014 CRITICAL Act Now

Remote unauthenticated code execution in Thales CERT's "Suspicious" email-analysis application (versions 1.3.4 and earlier), dubbed "Matryoshka Mail," lets an attacker abuse path traversal in attachment handling to overwrite writable application files-Python modules, configuration, cron inputs, and runtime artifacts-yielding root-level execution inside the Django container. Because the affected code runs Python and processes attacker-supplied mail, overwriting an imported module effectively converts arbitrary file write into RCE, plus persistent denial of service and possible exposure of application secrets and integrations. No public exploit identified at time of analysis and the issue is not in CISA KEV, but it carries a CVSS 4.0 base score of 9.2 and vendor-credited discovery by Lucien Doustaly (wlayzz).

Denial Of Service Path Traversal RCE Python Suspicious
NVD GitHub
CVSS 4.0
9.2
EPSS
0.7%
EPSS 1% CVSS 9.2
CRITICAL Act Now

Remote unauthenticated code execution in Thales CERT's "Suspicious" email-analysis application (versions 1.3.4 and earlier), dubbed "Matryoshka Mail," lets an attacker abuse path traversal in attachment handling to overwrite writable application files-Python modules, configuration, cron inputs, and runtime artifacts-yielding root-level execution inside the Django container. Because the affected code runs Python and processes attacker-supplied mail, overwriting an imported module effectively converts arbitrary file write into RCE, plus persistent denial of service and possible exposure of application secrets and integrations. No public exploit identified at time of analysis and the issue is not in CISA KEV, but it carries a CVSS 4.0 base score of 9.2 and vendor-credited discovery by Lucien Doustaly (wlayzz).

Denial Of Service Path Traversal RCE +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy