CVE-2026-45229: Mass Assignment in Quark Drive
Plattform
nodejs
Komponente
quark-auto-save
Behoben in
0.8.5
CVE-2026-45229 describes a mass assignment vulnerability discovered in Quark Drive. This flaw allows authenticated attackers to manipulate administrator credentials by exploiting insufficient input validation within the /update endpoint. The vulnerability impacts versions prior to 0.8.5 and can result in unauthorized access and control of the system. A patch is available in version 0.8.5.
Auswirkungen und Angriffsszenarien
The core of this vulnerability lies in Quark Drive's handling of data submitted to the /update endpoint. Attackers can craft malicious POST requests containing arbitrary webui objects targeted at the config_data dictionary. Due to inadequate deny-list filtering, these objects can be used to overwrite stored administrator login credentials. Successful exploitation allows an attacker to permanently replace legitimate credentials, effectively locking out authorized administrators. This grants the attacker persistent access to all configured tasks, cloud tokens, and notification services managed by Quark Drive, potentially leading to widespread compromise and data exfiltration. The impact is significant due to the potential for complete system takeover and long-term persistence.
Ausnutzungskontext
CVE-2026-45229 was published on May 13, 2026. The vulnerability's severity is rated HIGH (CVSS 8.8). Currently, there are no publicly available exploits or active campaigns targeting this vulnerability. It is not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.
Bedrohungsanalyse
Exploit-Status
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Niedrig — jedes gültige Benutzerkonto ist ausreichend.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
- Confidentiality
- Hoch — vollständiger Vertraulichkeitsverlust. Angreifer kann alle Daten lesen.
- Integrity
- Hoch — Angreifer kann beliebige Daten schreiben, ändern oder löschen.
- Availability
- Hoch — vollständiger Absturz oder Ressourcenerschöpfung. Totaler Denial of Service.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
Mitigation und Workarounds
The primary mitigation for CVE-2026-45229 is to immediately upgrade Quark Drive to version 0.8.5 or later. If an upgrade is not immediately feasible, consider implementing temporary workarounds. Review and strengthen input validation on the /update endpoint to prevent arbitrary data from being written to the config_data dictionary. Implement stricter access controls to limit who can access and modify the /update endpoint. Consider using a Web Application Firewall (WAF) to filter malicious requests targeting the endpoint. Monitor logs for suspicious POST requests to the /update endpoint, specifically looking for unusual data structures or attempts to modify sensitive configuration parameters.
So behebenwird übersetzt…
Actualice Quark Drive a la versión 0.8.5 o superior para mitigar la vulnerabilidad de asignación masiva. Esta actualización corrige la falta de filtrado adecuado en la lista de denegación, previniendo que atacantes puedan sobrescribir las credenciales del administrador.
Häufig gestellte Fragen
What is CVE-2026-45229 — mass assignment in Quark Drive?
CVE-2026-45229 is a HIGH severity vulnerability in Quark Drive allowing authenticated attackers to overwrite administrator credentials via the /update endpoint, leading to persistent access and control of the system. It affects versions prior to 0.8.5.
Am I affected by CVE-2026-45229 in Quark Drive?
You are affected if you are running Quark Drive versions 0.0.0–ea8377a596446291953dbe36e2d119d85bcd865b. Verify your version and upgrade to 0.8.5 to mitigate the risk.
How do I fix CVE-2026-45229 in Quark Drive?
The recommended fix is to upgrade Quark Drive to version 0.8.5 or later. If immediate upgrade is not possible, implement temporary workarounds such as strengthening input validation and access controls.
Is CVE-2026-45229 being actively exploited?
Currently, there are no publicly available exploits or active campaigns targeting CVE-2026-45229. However, it's crucial to apply the patch promptly to prevent potential future exploitation.
Where can I find the official Quark Drive advisory for CVE-2026-45229?
Refer to the official Quark Drive security advisory for CVE-2026-45229 on the Quark Drive website or relevant security channels. Check their documentation for the latest updates and guidance.
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...