Princep49036142

**Name of the Vulnerable Software and Affected Versions** NiceHash QuickMiner version 6.12.0 **Description** The software updates are performed over HTTP without validating digital signatures or hash checks. An attacker intercepting or redirecting traffic to the update URL can hijack the update process and deliver arbitrary executables, leading to full remote code execution. This represents a critical supply chain attack vector. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.