{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/manga-image-translator/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-10042"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["manga-image-translator"],"_cs_severities":["critical"],"_cs_tags":["rce","deserialization","CVE-2026-10042","manga-image-translator"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eManga-image-translator is susceptible to a critical remote code execution vulnerability, identified as CVE-2026-10042, affecting the shared API server mode. The root cause lies in the unsafe deserialization of untrusted pickle data within the \u003ccode\u003eshare.py\u003c/code\u003e module. Specifically, the \u003ccode\u003e/execute/{method_name}\u003c/code\u003e and \u003ccode\u003e/simple_execute/{method_name}\u003c/code\u003e endpoints are vulnerable, as they deserialize attacker-controlled HTTP request bodies using the \u003ccode\u003epickle.loads()\u003c/code\u003e function. This flaw allows a remote attacker to supply a specially crafted pickle payload, leading to the execution of arbitrary code within the server process. The default Docker deployment runs as root, which exacerbates the issue, potentially resulting in full container compromise. Defenders should prioritize detection and mitigation of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a manga-image-translator instance running in shared API server mode.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious pickle payload designed to execute arbitrary code on the server.\u003c/li\u003e\n\u003cli\u003eAttacker sends an HTTP POST request to either the \u003ccode\u003e/execute/{method_name}\u003c/code\u003e or \u003ccode\u003e/simple_execute/{method_name}\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP request body contains the crafted pickle payload.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eshare.py\u003c/code\u003e module\u0026rsquo;s vulnerable endpoint calls \u003ccode\u003epickle.loads()\u003c/code\u003e on the attacker-controlled payload.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003epickle.loads()\u003c/code\u003e deserializes the malicious payload, triggering arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains code execution within the container, running as root.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised container to perform further malicious activities, such as data exfiltration or lateral movement.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-10042 allows a remote attacker to achieve remote code execution on the affected manga-image-translator server. When running in the default Docker deployment as root, this leads to full container compromise. The CVSS v3.1 base score for this vulnerability is 9.8, indicating a critical severity. The lack of information about affected deployments makes it hard to determine the number of victims, but exploitation could lead to data breaches, service disruption, or further attacks originating from the compromised server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-10042 Exploitation Attempt via Pickle Deserialization\u0026rdquo; to your SIEM to detect potential exploitation attempts based on suspicious HTTP POST requests to the vulnerable endpoints.\u003c/li\u003e\n\u003cli\u003eEnable webserver logging to monitor HTTP requests and responses to activate the Sigma rule effectively.\u003c/li\u003e\n\u003cli\u003eApply appropriate input validation and sanitization techniques to prevent the deserialization of untrusted data.\u003c/li\u003e\n\u003cli\u003eConsider running the manga-image-translator container with a non-root user to reduce the impact of a successful container compromise.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T15:17:37Z","date_published":"2026-05-29T15:17:37Z","id":"https://feed.craftedsignal.io/briefs/2026-05-manga-image-rce/","summary":"Manga-image-translator is vulnerable to remote code execution (CVE-2026-10042) in the shared API server mode due to unsafe deserialization of untrusted pickle data, allowing a remote attacker to execute arbitrary code in the server process.","title":"Manga-Image-Translator Remote Code Execution via Pickle Deserialization (CVE-2026-10042)","url":"https://feed.craftedsignal.io/briefs/2026-05-manga-image-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Manga-Image-Translator","version":"https://jsonfeed.org/version/1.1"}