Remote Code Execution Vulnerability in Aperi'Solve by Zeecka
CVE-2026-34977
What is CVE-2026-34977?
Aperi'Solve, an open-source steganalysis web platform, contains a serious vulnerability in versions prior to 3.2.1: it fails to sanitize user-supplied passwords submitted with JPEG uploads. An unauthenticated attacker can send a crafted HTTP request to execute arbitrary commands with root privileges inside the worker container. As a result, all user-uploaded images and sensitive data can be accessed and manipulated. Furthermore, because the platform shares a Docker network with PostgreSQL and Redis, an attacker can go on to compromise the databases or disrupt job queues, leading to further exploitation of the system. The flaw underlines the importance of proper input validation and secure coding practices to prevent potential host compromise and website defacement.
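One way a worker can hand an upload password to an external analysis tool without any shell interpreting it, shown as an added example (not Aperi'Solve's code or its actual fix). The `analyzer` command, its `-p` option, the file path, the length limit and the sample password are all assumptions constructed for illustration.

```python
import shlex
import subprocess
import sys

# Hypothetical stand-in for an external analysis tool: it prints each argument
# it received on its own line, so we can see exactly what a real tool would get.
ECHO_TOOL = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]
MAX_PASSWORD_LEN = 256  # assumed limit, not taken from the project


def unsafe_command_string(image_path: str, password: str) -> str:
    """Vulnerable pattern (never executed here): untrusted text in a shell string."""
    return f"analyzer extract {image_path} -p {password}"


def shell_tokens(command: str) -> list[str]:
    """Tokenize roughly as a POSIX shell would, keeping operators like ';' separate."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def validate_password(password: str) -> str:
    """Reject values that cannot be a single argv element or are unreasonably long."""
    if "\x00" in password or len(password) > MAX_PASSWORD_LEN:
        raise ValueError("invalid password field")
    return password


def safe_argv(image_path: str, password: str) -> list[str]:
    """Hardened pattern: the password is exactly one argv element, no shell involved."""
    return ["extract", image_path, "-p", validate_password(password)]


def run_tool(image_path: str, password: str) -> list[str]:
    """Run the stand-in tool with shell=False (the default) and return the argv it saw."""
    done = subprocess.run(ECHO_TOOL + safe_argv(image_path, password),
                          capture_output=True, text=True, check=True, timeout=10)
    return done.stdout.splitlines()


if __name__ == "__main__":
    sample = "hunter2; id"  # constructed input containing a shell operator
    # In the shell string, ';' becomes its own token: a command separator.
    print(shell_tokens(unsafe_command_string("/tmp/upload.jpg", sample)))
    # As an argv element, the same text reaches the tool as one literal password.
    print(run_tool("/tmp/upload.jpg", sample))
```

The validation step is a second layer; the structural protection is that the request field is never parsed by a shell.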
Affected Version(s)
AperiSolve < 3.2.1
