PT-2026-24896 · Npm+2 · @Whyour/Qinglong+1

A7Cc · Published 2026-03-11 · Updated 2026-03-12 · CVE-2026-3965

CVSS v2.0: 6.5 (Medium), AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

whyour qinglong versions through 2.20.1

Description

A security issue has been identified in whyour qinglong. The problem resides in an unknown function within the back/loaders/express.ts file of the API Interface component. Manipulation of the command argument can bypass a protection mechanism. This issue can be exploited remotely, and a public exploit is available.

API Endpoint: Not specified.
Vulnerable Parameter: command

Recommendations

Versions prior to 2.20.2 should be upgraded to version 2.20.2 to address this issue.

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

CVE-2026-3965
GHSA-XJ37-QJG2-XWV2

Affected Products

@Whyour/Qinglong
Qinglong