| Title | bastillion-io Bastillion <=4.0.1 Command Injection |
|---|---|
| Description | A command injection vulnerability has been identified in the public key management system. Authenticated users with public key upload privileges can inject malicious commands by including specially crafted content in their public keys, which are then executed on remote systems during SSH key distribution operations. |
| Source | https://github.com/AnalogyC0de/public_exp/blob/main/archives/Bastillion/report1.md |
| User | Ana10gy (UID 93358) |
| Submission | 01/04/2026 15:26 (5 months ago) |
| Moderation | 01/16/2026 20:14 (12 days later) |
| Status | Accepted |
| VulDB entry | 341631 [bastillion-io Bastillion up to 4.0.1 Public Key Management System AuthKeysKtrl.java command injection] |
| Points | 18 |