CVE-2026-52100 in linux-serverinfo

Summary

by MITRE • 07/15/2026

Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to execute arbitrary code via the uploadPutHandler function

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/15/2026

This cross site request forgery vulnerability exists within the andreimarcu linux-server software version 1.0 through 2.3.8, representing a critical security flaw that enables remote attackers to execute arbitrary code through the uploadPutHandler function. The vulnerability stems from insufficient validation of incoming requests, specifically failing to properly authenticate and verify the origin of file upload operations. The uploadPutHandler function lacks proper CSRF token verification mechanisms, allowing malicious actors to craft forged requests that appear legitimate to the server. This flaw directly maps to CWE-352, which defines Cross-Site Request Forgery as a weakness where an attacker tricks a victim into performing actions they did not intend to execute. The vulnerability operates at the application layer and can be exploited through various attack vectors including malicious web pages, email attachments, or compromised third-party websites that embed crafted requests targeting the vulnerable server.

The technical implementation of this vulnerability exposes a fundamental flaw in the server's request handling process where authentication tokens are either missing, improperly validated, or not required for file upload operations. When an attacker successfully exploits this CSRF vulnerability, they can manipulate the uploadPutHandler function to execute arbitrary code on the target system by uploading malicious files that bypass normal security checks. The impact extends beyond simple code execution as it potentially allows attackers to gain full control over the server's file system and execute commands with elevated privileges. This represents a severe operational risk since it can lead to complete system compromise, data exfiltration, and potential lateral movement within network environments where the vulnerable server resides.

The exploitation of this vulnerability requires minimal prerequisites and can be executed remotely without requiring direct access to the target system. Attackers typically construct malicious requests that leverage the victim's authenticated session with the vulnerable server, making detection particularly challenging as legitimate user traffic appears normal. The attack surface is further expanded by the fact that the vulnerability affects multiple versions of the software, indicating a persistent design flaw rather than a one-time oversight. From an operational perspective, this vulnerability can result in complete data loss, unauthorized access to sensitive information, and potential service disruption that impacts business continuity. Organizations using affected versions of the andreimarcu linux-server software face significant risk exposure and should consider immediate remediation measures.

Mitigation strategies for this CSRF vulnerability include implementing robust CSRF token validation mechanisms within the uploadPutHandler function, enforcing strict request origin verification, and ensuring all file upload operations require proper authentication and authorization checks. Organizations should upgrade to patched versions of the andreimarcu linux-server software as soon as possible, while also implementing additional security controls such as web application firewalls and input validation measures. The implementation of proper session management and anti-CSRF tokens aligns with ATT&CK technique T1203 which describes exploitation of web applications for privilege escalation and code execution. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other applications and systems within the organization's infrastructure, while also ensuring that all software components are kept up-to-date with the latest security patches and updates.

Responsible

MITRE

Reservation

06/08/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!