CVE-2026-0764

Name of the Vulnerable Software and Affected Versions GPT Academic (affected versions not specified)

Description A flaw exists that allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this issue. The vulnerability is due to insufficient validation of user-supplied data within the upload endpoint, leading to deserialization of untrusted data. An attacker can potentially execute code with root privileges. The specific API endpoint involved is the upload endpoint. The vulnerability stems from the deserialization of untrusted data, potentially through a vulnerable parameter submitted during the upload process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.