PT-2026-20937 · Rustfly · Rustfly

Indoushka · Published 2026-02-19 · Updated 2026-02-20 · CVE-2026-27476

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RustFly version 2.0.0

Description

RustFly 2.0.0 contains a command injection issue in its remote UI control mechanism. The software accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the target system. This includes the potential for reverse shell establishment and command execution.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
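
The missing control named in the description is input sanitization, so the following added example (not RustFly's code) shows a listener-side parser that decodes a hex-encoded datagram, accepts only an allowlisted instruction with integer arguments, and dispatches to fixed callables instead of a shell. The instruction names, argument grammar, size limit and function names are assumptions made for illustration.

```python
import binascii
import re

MAX_DATAGRAM = 128                              # assumed size limit per instruction
ALLOWED = {"MOVE": 2, "CLICK": 0, "SCROLL": 1}  # hypothetical name -> argument count
ARG_RE = re.compile(r"-?[0-9]{1,5}")            # arguments are small integers only


class Rejected(ValueError):
    """Raised for any datagram that is not a well-formed, allowlisted instruction."""


def parse_instruction(datagram: bytes):
    """Decode one hex-encoded datagram into (name, int_args) or raise Rejected."""
    if not datagram or len(datagram) > MAX_DATAGRAM:
        raise Rejected("bad length")
    try:
        text = binascii.unhexlify(datagram.strip()).decode("ascii")
    except (binascii.Error, ValueError):        # bad hex, odd length, non-ASCII bytes
        raise Rejected("not hex-encoded ASCII") from None
    name, *args = text.split(" ")
    if name not in ALLOWED:
        raise Rejected("unknown instruction")
    if len(args) != ALLOWED[name]:
        raise Rejected("wrong argument count")
    if not all(ARG_RE.fullmatch(a) for a in args):
        raise Rejected("non-numeric argument")
    return name, tuple(int(a) for a in args)


def handle(datagram: bytes, handlers: dict) -> str:
    """Dispatch to a fixed Python callable; decoded text never reaches a shell."""
    try:
        name, args = parse_instruction(datagram)
    except Rejected as exc:
        return f"rejected: {exc}"               # log and drop, do not execute
    handlers[name](*args)
    return f"ok: {name}"


if __name__ == "__main__":
    seen = []
    handlers = {n: (lambda *a, n=n: seen.append((n, a))) for n in ALLOWED}
    # Constructed sample datagrams, hex-encoded as the advisory describes.
    for sample in ("MOVE 10 20", "CLICK", "CLICK; echo injected", "reboot"):
        print(sample, "->", handle(sample.encode().hex().encode(), handlers))
```
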

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2026-27476

Affected Products: Rustfly