PT-2026-57666 · Thales · Suspicious

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-13014

CVSS v4.0

9.2

Critical

VectorAV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Thales CERT "Suspicious" application versions 1.3.4 and earlier
Description An arbitrary file overwrite and improper input validation flaw allows a remote, unauthenticated attacker to overwrite writable application files within the Django application container. Affected files include Python modules, configuration files, cron inputs, and runtime artifacts. This occurs because the application fails to constrain attacker-controlled paths or file targets to safe locations. Successful exploitation can lead to arbitrary code execution, persistent denial of service, compromise of application secrets or integrations, and root-level execution inside the container.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Path traversal

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13014

Affected Products

Suspicious