CVE-2026-34977

Name of the Vulnerable Software and Affected Versions Aperi'Solve versions prior to 3.2.1

Description Aperi'Solve, an open-source steganalysis web platform, is susceptible to an unauthenticated remote code execution (RCE) vulnerability. When uploading a JPEG file, a user-provided password is directly incorporated into a bash command without proper sanitization or validation. This allows an attacker to achieve root-level RCE within the worker container, granting full read/write access to user-uploaded images, analysis results, and steganography passwords. The attacker can potentially pivot to dump the entire PostgreSQL database or manipulate the Redis job queue. If Docker socket mounting or host volume mounts are present, full host compromise is possible, including website defacement. The vulnerability affects the JPSeek analyzer functionality.

Recommendations Update to version 3.2.1 or later.