← العودة للجدول
CVE-2026-45579
CVE-2026-45579 — DIRAC is vulnerable to RCE in RequestManager due to eval on untrusted input
📅 2026-07-13
🔴 Critical 🔥 No GHSA Exploit Open Source CVSS 9.9

📋 الوصف الكامل

### Summary An remote code execution vulnerability exists in RequestManager due to the use of eval on untrusted input that allows any authenticated user to run code/commands on the DIRAC server as the system user running the DIRAC services. ### Details The export_getRequestCountersWeb function is callable by any authenticated user and just passes its parameters directly to the database instance:

💻 الأنظمة المتأثرة

⚠️ نوع التهديد

Exploit

🔗 CVE ID

CVE-2026-45579

📡 المصدر

GHSA

✅ الحلول والتخفيف

Update to v8.0.79

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←