Maylio

**Name of the Vulnerable Software and Affected Versions** qBittorrent versions 4.5.5 and earlier **Description** The issue is related to the use of default credentials when the web user interface is enabled, allowing a remote attacker to authenticate and execute arbitrary operating system commands using the "external program" feature. This was reportedly exploited in the wild in March 2023. **Recommendations** As a temporary workaround, consider disabling the "external program" feature in the web user interface until a patch is available. Restrict access to the web user interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.