PT-2026-21750 · Bleon Ethical · Api-Gateway-Deploy

Bleon-Ethical · Published 2026-02-24 · Updated 2026-03-01 · CVE-2026-27208

CVSS v3.1: 9.2 (Critical)

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

Name of the Vulnerable Software and Affected Versions

bleon-ethical/api-gateway-deploy version 1.0.0

Description

The software is susceptible to an attack chain involving OS Command Injection and Privilege Escalation. Successful exploitation allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a container escape and unauthorized infrastructure modifications. The issue is related to insufficient input validation and insecure configurations.

Recommendations

Update to version 1.0.1, which includes fixes such as strict input sanitization and secure delimiters in the entrypoint.sh file, enforcement of a non-root user (appuser) in the Dockerfile, and mandatory security quality gates.

Exploit

Fix

LPE

Argument Injection

OS Command Injection

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2026-27208
GHSA-CHH5-W73Q-4GMM

Affected Products

Api-Gateway-Deploy