Catalyst · Catalyst · CVE-2026-26009
**Name of the Vulnerable Software and Affected Versions**
Catalyst versions prior to 11980aaf3f46315b02777f325ba02c56b110165d
**Description**
The platform allows users with `template.create` or `template.update` permissions to define arbitrary shell commands within server templates. These commands are executed as root via `bash -c` on the host operating system without any sandboxing or containerization, leading to full root-level remote code execution on every node machine in the cluster. The affected API endpoint is the server template creation/update functionality. The vulnerable input is the template content itself, which is handed to the shell unchanged and therefore allows arbitrary shell command injection.
**Recommendations**
Update to version 11980aaf3f46315b02777f325ba02c56b110165d or later.
Restrict permissions for `template.create` and `template.update` to prevent unauthorized users from defining arbitrary shell commands.
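Added example, not Catalyst's own code: it contrasts the pattern the description names (template content handed verbatim to `bash -c`) with an executor that parses the command without a shell, allow-lists the executable and drops root, plus a permission gate on the save path. The `Template` type, the allow-list, the `gameserver` account and the `server.view` permission are assumptions.

```python
import shlex
import subprocess
from dataclasses import dataclass

# Constructed allow-list of executables a server template may start (assumption).
ALLOWED_EXECUTABLES = {"java", "node", "python3"}
# Characters that would give the shell something to interpret if one were used.
SHELL_METACHARS = set(";&|<>`$()\n")
TEMPLATE_WRITE_PERMS = {"template.create", "template.update"}


@dataclass
class Template:
    name: str
    startup: str  # constructed: the command line stored in the template


def vulnerable_run(template: Template) -> list[str]:
    # The pattern the advisory describes: the stored string goes verbatim to a
    # root shell, so whatever the template author wrote runs as root on the node.
    return ["bash", "-c", template.startup]


def hardened_argv(template: Template) -> list[str]:
    # Build an argv list without a shell; refuse metacharacters and unknown executables.
    if SHELL_METACHARS & set(template.startup):
        raise ValueError("shell metacharacters are not allowed in template commands")
    argv = shlex.split(template.startup)
    if not argv or argv[0] not in ALLOWED_EXECUTABLES:
        raise ValueError(f"executable {argv[0] if argv else '<empty>'!r} is not allow-listed")
    return argv


def save_template(perms: set[str], template: Template) -> bool:
    # Gate on the permissions the advisory names, and validate the content at
    # save time so a disallowed template never reaches a node in the first place.
    if not perms & TEMPLATE_WRITE_PERMS:
        return False
    hardened_argv(template)  # raises ValueError on disallowed content
    return True


def run_template(template: Template, run_as: str = "gameserver") -> subprocess.CompletedProcess:
    # No shell involved, and the child starts as an unprivileged account, not root
    # (switching users needs root in the parent; the account name is an assumption).
    return subprocess.run(hardened_argv(template), user=run_as, check=False)
```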