PT-2026-57666 · Thales · Suspicious
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-13014
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Thales CERT "Suspicious" application versions 1.3.4 and earlier
Description
An arbitrary file overwrite and improper input validation flaw allows a remote, unauthenticated attacker to overwrite writable application files within the Django application container. Affected files include Python modules, configuration files, cron inputs, and runtime artifacts. This occurs because the application fails to constrain attacker-controlled paths or file targets to safe locations. Successful exploitation can lead to arbitrary code execution, persistent denial of service, compromise of application secrets or integrations, and root-level execution inside the container.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Path traversal
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Suspicious