CVE-2026-26068

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions emp3r0r versions prior to 3.21.1

Description emp3r0r is a command and control (C2) tool designed for Linux environments. Versions prior to 3.21.1 accept untrusted agent metadata, specifically Transport and Hostname, during the check-in process. This metadata is then used in tmux shell command strings executed via /bin/sh -c, leading to command injection and potential remote code execution on the operator host.

Recommendations Update to version 3.21.1 or later.

Exploit

Fix

RCE

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2026-26068

GHSA-H5P4-4XP4-VJPP

Affected Products

Emp3R0R

CVE-2026-26068

Weakness Enumeration

Related Identifiers

Affected Products

References · 11