Threats Tagged 'cve-2026-48547'
View all threats tagged with 'cve-2026-48547'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-48547'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-48547: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in lingdojo kana-dojoCVE-2026-48547 0 KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a child_process.execSync() call in the release.yml workflow. Attackers can have a malicious pull request merged to trigger the GitHub Actions runner with contents write permissions and access to GITHUB_TOKEN. Join the discussion | CVE Database V5 | 06/11/2026, 18:33:14 UTC Added: 06/11/2026, 19:00:43 UTC |
Showing 1 to 1 of 1 result