RCE in Zeecka Aperisolve
CVE-2026-34977
Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subs…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.003 (55.3rd percentile)
Affected products
- Zeecka Aperisolve — versions < 3.2.1
Weakness classification (CWE)
References
- https://github.com/Zeecka/AperiSolve/security/advisories/GHSA-8r22-62p7-9jrp (x_refsource_CONFIRM)
- https://github.com/Zeecka/AperiSolve/pull/195 (x_refsource_MISC)
- https://github.com/Zeecka/AperiSolve/commit/0193ca4a7d8ae9d6ba6cde82d37a6f94953463b4 (x_refsource_MISC)
- https://github.com/Zeecka/AperiSolve/releases/tag/3.2.1 (x_refsource_MISC)