Remote Code Execution Vulnerability in Thales CERT Suspicious Application
CVE-2026-13014

9.2CRITICAL

Key Information:

Vendor
CVE Published:
13 July 2026

What is CVE-2026-13014?

A significant vulnerability exists in the Thales CERT 'Suspicious' application versions 1.3.4 and earlier, allowing remote and unauthenticated attackers to execute arbitrary code. This can lead to arbitrary overwriting of writable application files, such as Python modules, configuration settings, cron inputs, and runtime artifacts. Consequently, this raises the risk of persistent denial of service and potential compromise of sensitive application secrets or integrations, permitting attackers to gain root-level execution access within the Django application container.

Affected Version(s)

Suspicious v1.2.0

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.