{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26068", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-10T18:01:31.900Z", "datePublished": "2026-02-12T22:01:23.212Z", "dateUpdated": "2026-02-13T17:17:57.660Z"}, "containers": {"cna": {"title": "emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection)", "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "lang": "en", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-h5p4-4xp4-vjpp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-h5p4-4xp4-vjpp"}, {"name": "https://github.com/jm33-m0/emp3r0r/commit/0cd64e4a26e7839a9a54bca3d756a665fcb7fda0", "tags": ["x_refsource_MISC"], "url": "https://github.com/jm33-m0/emp3r0r/commit/0cd64e4a26e7839a9a54bca3d756a665fcb7fda0"}, {"name": "https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.1"}], "affected": [{"vendor": "jm33-m0", "product": "emp3r0r", "versions": [{"version": "< 3.21.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-12T22:01:23.212Z"}, "descriptions": [{"lang": "en", "value": "emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code execution on the operator host. This vulnerability is fixed in 3.21.1."}], "source": {"advisory": "GHSA-h5p4-4xp4-vjpp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T17:17:44.435176Z", "id": "CVE-2026-26068", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T17:17:57.660Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26068", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-13T17:17:44.435176Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T17:17:51.518Z"}}], "cna": {"title": "emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection)", "source": {"advisory": "GHSA-h5p4-4xp4-vjpp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "jm33-m0", "product": "emp3r0r", "versions": [{"status": "affected", "version": "< 3.21.1"}]}], "references": [{"url": "https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-h5p4-4xp4-vjpp", "name": "https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-h5p4-4xp4-vjpp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jm33-m0/emp3r0r/commit/0cd64e4a26e7839a9a54bca3d756a665fcb7fda0", "name": "https://github.com/jm33-m0/emp3r0r/commit/0cd64e4a26e7839a9a54bca3d756a665fcb7fda0", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.1", "name": "https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code execution on the operator host. This vulnerability is fixed in 3.21.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-12T22:01:23.212Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26068", "state": "PUBLISHED", "dateUpdated": "2026-02-13T17:17:57.660Z", "dateReserved": "2026-02-10T18:01:31.900Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-12T22:01:23.212Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jm33-m0:emp3r0r:*:*:*:*:*:*:*:*", "matchCriteriaId": "D36AFE21-D613-40DC-A48C-81A01F786437", "versionEndExcluding": "3.21.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code execution on the operator host. This vulnerability is fixed in 3.21.1."}, {"lang": "es", "value": "emp3r0r es un C2 centrado en el sigilo, dise\u00f1ado por usuarios de Linux para entornos Linux. Antes de la versi\u00f3n 3.21.1, los metadatos no confiables del agente (Transport, Hostname) eran aceptados durante el registro (check-in) y posteriormente interpolados en cadenas de comandos de shell de tmux ejecutadas a trav\u00e9s de /bin/sh -c. Esto permite la inyecci\u00f3n de comandos y la ejecuci\u00f3n remota de c\u00f3digo en el host del operador. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 3.21.1."}], "id": "CVE-2026-26068", "lastModified": "2026-02-25T15:47:26.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-02-12T22:16:06.507", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/jm33-m0/emp3r0r/commit/0cd64e4a26e7839a9a54bca3d756a665fcb7fda0"}, {"source": "[email protected]", "tags": ["Product", "Release Notes"], "url": "https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.1"}, {"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-h5p4-4xp4-vjpp"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"created": "2026-02-13T21:29:15.340771+00:00", "updated": "2026-02-13T21:29:15.340839+00:00", "vendors": ["jm33-m0", "jm33-m0$PRODUCT$emp3r0r"]}