Security Advisory

CVE-2026-27476

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 20:43:08

Last updated 2026-02-20 20:03:30

Assigner VulnCheck

State PUBLISHED

Description

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the target system, including reverse shell establishment and command execution.

← Browse all CVEs View on cve.org ↗