| Title | bastillion-io Bastillion SSH Key Manager <=4.0.1 Command Injection |
|---|---|
| Description | A command injection vulnerability has been identified in the system management module. Authenticated users with system creation or edit privileges can inject malicious commands by manipulating the authorized_keys path parameter; the injected commands are then executed on remote systems during SSH key distribution operations. |
| Source | https://github.com/AnalogyC0de/public_exp/blob/main/archives/Bastillion/report2.md |
| User | Ana10gy (UID 93358) |
| Submission | 01/04/2026 15:52 (5 months ago) |
| Moderation | 01/16/2026 20:14 (12 days later) |
| Status | Accepted |
| VulDB entry | 341632 [bastillion-io Bastillion up to 4.0.1 System Management SystemKtrl.java command injection] |
| Points | 18 |