CVE-2026-45229
Published: 13 May 2026
Summary
CVE-2026-45229 is a high-severity Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, ranked at the 15.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
NVD Description
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the config_data dictionary. Attackers can exploit insufficient deny-list filtering to permanently…
more
replace stored login credentials, lock out legitimate administrators, and gain persistent access to all configured tasks, cloud tokens, and notification services.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)