CVE-2026-10042

Name of the Vulnerable Software and Affected Versions manga-image-translator (affected versions not specified)

Description Remote code execution is possible in the shared API server mode due to unsafe deserialization of untrusted pickle data within the share.py module. The endpoints '/execute/{method name}' and '/simple execute/{method name}' use pickle.loads() to deserialize HTTP request bodies controlled by an attacker. A remote attacker can provide a crafted pickle payload to these endpoints to execute arbitrary code in the server process, which can lead to full container compromise when the software is running as root in the default Docker deployment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.