PT-2026-40801 · Unknown · Quark Drive

Katriel Moses · Published 2026-05-13 · Updated 2026-05-14 · CVE-2026-45229

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Quark Drive versions prior to 0.8.5

Description

A mass assignment issue exists in the "POST /update" endpoint. Authenticated attackers can overwrite administrator credentials by submitting an arbitrary webui object to the config data dictionary. This is possible due to insufficient deny-list filtering, which allows the permanent replacement of stored login credentials. Consequently, legitimate administrators may be locked out, and attackers can gain persistent access to all configured tasks, cloud tokens, and notification services.

Recommendations

Update to version 0.8.5 or later.
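
The weakness class described above, as an added example that is not Quark Drive's code: a config merge guarded by a deny-list next to one guarded by an allow-list. Every name except the `webui` key is hypothetical (`tasklist`, `push_config`, `crontab_secret`, the function names), and the stored config and request body are constructed sample data.

```python
import copy

# Constructed stored configuration; every key except "webui" is hypothetical.
STORED = {
    "webui": {"username": "admin", "password": "stored-secret"},
    "tasklist": [],
    "push_config": {},
}

DENY_KEYS = {"crontab_secret"}            # hypothetical deny-list that never names "webui"
ALLOW_KEYS = {"tasklist", "push_config"}  # hypothetical set of user-editable keys


def update_denylist(config, submitted):
    """Weak pattern: copy every submitted key that is not explicitly denied."""
    merged = copy.deepcopy(config)
    for key, value in submitted.items():
        if key not in DENY_KEYS:
            merged[key] = value
    return merged


def update_allowlist(config, submitted):
    """Hardened pattern: copy only known-editable keys and report the rest."""
    merged = copy.deepcopy(config)
    rejected = []
    for key, value in submitted.items():
        if key in ALLOW_KEYS:
            merged[key] = value
        else:
            rejected.append(key)  # worth logging: a client sent a non-editable key
    return merged, sorted(rejected)


# Constructed request body carrying a "webui" object alongside a normal field.
BODY = {"tasklist": [{"name": "demo"}], "webui": {"username": "x", "password": "y"}}

if __name__ == "__main__":
    weak = update_denylist(STORED, BODY)
    strong, rejected = update_allowlist(STORED, BODY)
    print("deny-list keeps stored credentials:", weak["webui"] == STORED["webui"])
    print("allow-list keeps stored credentials:", strong["webui"] == STORED["webui"])
    print("rejected keys:", rejected)
```

The allow-list version also returns the rejected keys, which gives a detection signal when a client submits fields the settings form never sends.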

Related Identifiers

CVE-2026-45229

Affected Products

Quark Drive