PT-2026-3371 · Bastillion Io · Bastillion

Ana10Gy · Published 2026-01-17 · Updated 2026-01-17 · CVE-2026-1064

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

bastillion-io Bastillion versions up to 4.0.1

Description

A command injection issue exists in the System Management Module of bastillion-io Bastillion. The issue is related to unknown processing within the file src/main/java/io/bastillion/manage/control/SystemKtrl.java. Successful exploitation allows remote attackers to inject commands. The exploit has been made public.

Recommendations

Update to a version later than 4.0.1. As a temporary workaround, consider restricting access to the SystemKtrl.java file to minimize the risk of exploitation.

Exploit

Fix

Special Elements Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-1064

Affected Products

Bastillion