216.73.217.86

CVE-2026-10042

· Published 29/05/2026 15:16 · Modified 29/05/2026 16:29

Labels: CVE-2026-10042 2026-05-29CVE-2026-10042CWE-502[email protected]

Essential information

Published
29/05/2026 15:16
Modified
29/05/2026 16:29
Author
Creator
CVSS
9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize attacker-controlled HTTP request bodies using pickle.loads(). A remote attacker can supply a crafted pickle payload to these endpoints to execute arbitrary code in the server process, resulting in full container compromise when running in the default Docker deployment as root.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
manga-image-translator / manga-image-translator cpe:2.3:a:manga-image-translator:manga-image-translator:*:*:*:*:*:*:*:*

References