CVE-2025-26244

Name of the Vulnerable Software and Affected Versions DeimosC2 version 1.1.0-Beta

Description The graph functionality of DeimosC2 is susceptible to Stored Cross-Site Scripting (XSS). This allows for the potential theft of session cookies and unauthorized access to the C2 server. DeimosC2 is a multi-protocol command and control (C2) framework written in Golang, supporting TCP, HTTPS, DNS over HTTPS (DoH), and QUIC protocols, and includes pivoting capabilities.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.