CVE-2026-0762

High CVSS: 8.1

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the stream_daas function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27956.

Vendor

Binary-husky

Product

Gpt Academic

CWE

CWE-502

Yayın Tarihi

2026-01-23 04:16:02

Güncelleme

2026-02-18 16:41:56

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-502 Gpt Academic HIGH Binary-husky 2026

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-26-028/

Benzer Kayıtlar

Critical

CVE-2026-0763

GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability. This…

Critical

CVE-2026-0764

GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows rem…

Medium

CVE-2025-10236

A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the…

Medium

CVE-2025-0183

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic…

Medium

CVE-2024-12387

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the s…

Medium

CVE-2024-12388

A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) a…