Remote Code Execution Vulnerability in Manga Image Translator by Zyd-Dnys
CVE-2026-10042

9.2CRITICAL

Key Information:

Vendor: Zyddnys
Status: Manga-image-translator
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-10042?

Manga Image Translator is susceptible to a remote code execution flaw arising from unsafe deserialization of untrusted pickle data in its API server's shared mode. This vulnerability affects the /execute/{method_name} and /simple_execute/{method_name} endpoints, which allow the processing of attacker-supplied HTTP request bodies. By providing a specially crafted pickle payload, a remote attacker is capable of executing arbitrary code within the server process, leading to a complete compromise of the container, especially in default Docker deployments that run with root privileges.

Affected Version(s)

manga-image-translator 0

References

https://github.com/zyddnys/manga-image-translator/issues/...

issue-tracking

https://github.com/zyddnys/manga-image-translator/pull/1142

technical-description

https://github.com/zyddnys/manga-image-translator/commit/...

patch

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 28, 2026

Credit

YU SUN

CVE-2026-10042 Data

JSON

Zyddnys

What is CVE-2026-10042?

Affected Version(s)

References

CVSS V4

Timeline

Credit