PT-2026-30676

Khaelk138 · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-34977

CVSS v4.0: 9.3 Critical
AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Name of the Vulnerable Software and Affected Versions

Aperi'Solve versions prior to 3.2.1

Description

Aperi'Solve is a steganalysis web platform. Before version 3.2.1, the password supplied when uploading a JPEG is passed unsanitized into an expect command and then into a bash -c command. An unauthenticated attacker can use this to achieve root-level remote code execution (RCE) within the worker container, which grants full read/write access to user-uploaded images, analysis results, and steganography passwords. The container shares a Docker network with PostgreSQL and Redis, so the attacker can potentially dump the database or manipulate the job queue. Docker socket mounting or host volume mounts could lead to full host compromise, including website defacement.

Recommendations

Update to version 3.2.1 or later.
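
The weakness described above, reduced to its bash -c layer, as an added example that is not Aperi'Solve's code: the tool name stegtool, its flags, and the sample password and path are assumptions constructed for illustration. It tokenizes each command line the way a POSIX shell would, without executing anything, to show where an interpolated password stops being a single argument and how quoting or an argv list keeps it intact.

```python
import shlex

# Hypothetical names: "stegtool" and its flags stand in for the analyzer the
# worker runs; they are not taken from Aperi'Solve's code.
TOOL = "stegtool"

def unsafe_shell_command(password: str, image: str) -> str:
    """Vulnerable pattern: untrusted input formatted into a `bash -c` string."""
    return f"{TOOL} extract -p {password} {image}"

def quoted_shell_command(password: str, image: str) -> str:
    """Fallback when a shell string is unavoidable: quote each untrusted field."""
    return f"{TOOL} extract -p {shlex.quote(password)} {shlex.quote(image)}"

def safe_argv(password: str, image: str) -> list[str]:
    """Preferred form: argv for subprocess.run(argv, shell=False); no shell parses it."""
    return [TOOL, "extract", "-p", password, image]

def shell_tokens(command: str) -> list[str]:
    """Split a command line the way a POSIX shell would, without executing it.
    Control operators such as ; | && come back as separate tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)

def password_is_single_argument(command: str, password: str, image: str) -> bool:
    """True when the shell would hand the tool exactly the intended argv."""
    return shell_tokens(command) == safe_argv(password, image)

# Constructed sample input carrying a harmless marker command.
SAMPLE_PASSWORD = "hunter2; echo INJECTED"
SAMPLE_IMAGE = "/tmp/upload.jpg"

if __name__ == "__main__":
    for build in (unsafe_shell_command, quoted_shell_command):
        cmd = build(SAMPLE_PASSWORD, SAMPLE_IMAGE)
        ok = password_is_single_argument(cmd, SAMPLE_PASSWORD, SAMPLE_IMAGE)
        print(f"{build.__name__}: {shell_tokens(cmd)} intact={ok}")
```

The token comparison illustrates the parsing difference on this sample; it is not an input validator.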

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-34977

Affected Products

Aperisolve
Docker
Postgresql
Redis