{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/quark/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-45229"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Quark Drive \u003c 0.8.5"],"_cs_severities":["high"],"_cs_tags":["mass-assignment","privilege-escalation","persistence","cve-2026-45229"],"_cs_type":"advisory","_cs_vendors":["Quark"],"content_html":"\u003cp\u003eQuark Drive before version 0.8.5 is susceptible to a mass assignment vulnerability identified as CVE-2026-45229. This flaw resides in the POST /update endpoint. An authenticated attacker can exploit this vulnerability to overwrite administrator credentials by sending a crafted webui object to the config_data dictionary. The insufficient deny-list filtering allows the attacker to permanently replace stored login credentials, effectively locking out legitimate administrators. Successful exploitation grants persistent access to all configured tasks, cloud tokens, and notification services managed by the Quark Drive instance. This vulnerability poses a significant risk to data confidentiality and system availability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to Quark Drive using valid user credentials.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/update\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a \u003ccode\u003econfig_data\u003c/code\u003e dictionary containing a \u003ccode\u003ewebui\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ewebui\u003c/code\u003e object is designed to overwrite existing administrator credentials.\u003c/li\u003e\n\u003cli\u003eThe server-side deny-list filtering fails to properly sanitize the input, allowing the malicious \u003ccode\u003ewebui\u003c/code\u003e object to be processed.\u003c/li\u003e\n\u003cli\u003eThe administrator\u0026rsquo;s credentials stored within the Quark Drive configuration are replaced with attacker-controlled values.\u003c/li\u003e\n\u003cli\u003eThe legitimate administrator is locked out of the system due to the credential change.\u003c/li\u003e\n\u003cli\u003eThe attacker gains persistent access to all configured tasks, cloud tokens, and notification services, allowing for unauthorized data access and control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45229 allows an attacker to overwrite administrator credentials, leading to a complete lockout of legitimate administrators. This grants the attacker persistent and unauthorized control over all Quark Drive functions, including tasks, cloud tokens, and notification services. The attacker can then access sensitive data, modify configurations, and disrupt services, potentially leading to significant financial and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Quark Drive instances to version 0.8.5 or later to remediate CVE-2026-45229.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Quark Drive Mass Assignment Attempt\u003c/code\u003e to identify suspicious POST requests to the \u003ccode\u003e/update\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual POST requests to the \u003ccode\u003e/update\u003c/code\u003e endpoint that include a \u003ccode\u003econfig_data\u003c/code\u003e dictionary with \u003ccode\u003ewebui\u003c/code\u003e objects.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T21:17:59Z","date_published":"2026-05-13T21:17:59Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-45229-quark-drive-mass-assignment/","summary":"Quark Drive before version 0.8.5 is vulnerable to a mass assignment vulnerability (CVE-2026-45229) in the POST /update endpoint, where authenticated attackers can overwrite administrator credentials, gaining persistent access to configured tasks, cloud tokens, and notification services.","title":"CVE-2026-45229: Quark Drive Mass Assignment Vulnerability Allows Credential Overwrite","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-45229-quark-drive-mass-assignment/"}],"language":"en","title":"CraftedSignal Threat Feed — Quark","version":"https://jsonfeed.org/version/1.1"}