32°N › Security › Findings › MSS SK 2026 0020

← all advisories

MSS-SK-2026-0020

Unauthenticated RCE via track filename injection

Summary

Unauthenticated RCE via track filename injection.

Impact

see PoC script header

Evidence — code citations

research/audits/signalk/exploits/0020-galadrielmap-sk-unauthenticated-rce-via-track-filename-injec.py

Proof of concept

research/audits/signalk/exploits/0020-galadrielmap-sk-unauthenticated-rce-via-track-filename-injec.py/

0020-galadrielmap-sk-unauthenticated-rce-via-track-filename-injec.py — single-file

← all advisories