Product

Dalfox

3 briefs RSS

Dalfox Server Mode Unauthenticated Arbitrary File Read

Dalfox server mode is vulnerable to an unauthenticated arbitrary file read with out-of-band exfiltration via the `custom-payload-file` parameter, allowing attackers to read sensitive files on the host.

dalfox/v2 unauthenticated-access file-read ghsa

2r 3t 58m ago

medium advisory

Dalfox Unauthenticated Remote DoS via Closed-Channel Write in ParameterAnalysis

2 rules 1 TTP

Dalfox is vulnerable to an unauthenticated remote denial-of-service (DoS) vulnerability (CVE-2026-45090) due to a closed channel write in the `ParameterAnalysis` function, triggered by a crafted POST request that crashes the Dalfox server process.

dalfox dos vulnerability

2r 1t 59m ago

critical advisory

Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`

2 rules 1 TTP

Dalfox in REST API server mode is vulnerable to unauthenticated remote code execution (CVE-2026-45087) because the server binds to 0.0.0.0:6664 by default without requiring an API key and deserializes attacker-supplied JSON in `POST /scan` without stripping the `FoundAction` and `FoundActionShell` fields, allowing arbitrary command execution.

dalfox/v2 rce dalfox cve-2026-45087

2r 1t 59m ago