{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29042", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T17:50:11.242Z", "datePublished": "2026-03-06T06:57:11.332Z", "dateUpdated": "2026-03-09T19:57:06.516Z"}, "containers": {"cna": {"title": "Nuclio Shell Runtime Command Injection Leading to Privilege Escalation", "problemTypes": [{"descriptions": [{"cweId": "CWE-75", "lang": "en", "description": "CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.9, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/nuclio/nuclio/security/advisories/GHSA-95fj-3w7g-4r27", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nuclio/nuclio/security/advisories/GHSA-95fj-3w7g-4r27"}, {"name": "https://github.com/nuclio/nuclio/pull/4030", "tags": ["x_refsource_MISC"], "url": "https://github.com/nuclio/nuclio/pull/4030"}, {"name": "https://github.com/nuclio/nuclio/commit/5352d7e16cf92f4350a2f8d806c4b80b626b5c5a", "tags": ["x_refsource_MISC"], "url": "https://github.com/nuclio/nuclio/commit/5352d7e16cf92f4350a2f8d806c4b80b626b5c5a"}, {"name": "https://github.com/nuclio/nuclio/releases/tag/1.15.20", "tags": ["x_refsource_MISC"], "url": "https://github.com/nuclio/nuclio/releases/tag/1.15.20"}], "affected": [{"vendor": "nuclio", "product": "nuclio", "versions": [{"version": "< 1.15.20", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T06:57:11.332Z"}, "descriptions": [{"lang": "en", "value": "Nuclio is a \"Serverless\" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into shell commands without any validation or sanitization. This issue has been patched in version 1.15.20."}], "source": {"advisory": "GHSA-95fj-3w7g-4r27", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T19:56:55.354293Z", "id": "CVE-2026-29042", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:57:06.516Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29042", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-09T19:56:55.354293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:57:01.432Z"}}], "cna": {"title": "Nuclio Shell Runtime Command Injection Leading to Privilege Escalation", "source": {"advisory": "GHSA-95fj-3w7g-4r27", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nuclio", "product": "nuclio", "versions": [{"status": "affected", "version": "< 1.15.20"}]}], "references": [{"url": "https://github.com/nuclio/nuclio/security/advisories/GHSA-95fj-3w7g-4r27", "name": "https://github.com/nuclio/nuclio/security/advisories/GHSA-95fj-3w7g-4r27", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nuclio/nuclio/pull/4030", "name": "https://github.com/nuclio/nuclio/pull/4030", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nuclio/nuclio/commit/5352d7e16cf92f4350a2f8d806c4b80b626b5c5a", "name": "https://github.com/nuclio/nuclio/commit/5352d7e16cf92f4350a2f8d806c4b80b626b5c5a", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nuclio/nuclio/releases/tag/1.15.20", "name": "https://github.com/nuclio/nuclio/releases/tag/1.15.20", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Nuclio is a \"Serverless\" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into shell commands without any validation or sanitization. This issue has been patched in version 1.15.20."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-75", "description": "CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T06:57:11.332Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29042", "state": "PUBLISHED", "dateUpdated": "2026-03-09T19:57:06.516Z", "dateReserved": "2026-03-03T17:50:11.242Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-06T06:57:11.332Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iguazio:nuclio:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA51227C-DF77-4ABD-AE30-642111BC7A15", "versionEndExcluding": "1.15.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nuclio is a \"Serverless\" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into shell commands without any validation or sanitization. This issue has been patched in version 1.15.20."}, {"lang": "es", "value": "Nuclio es un 'Serverless' framework para eventos en tiempo real y procesamiento de datos. Antes de la versi\u00f3n 1.15.20, el componente Nuclio Shell Runtime contiene una vulnerabilidad de inyecci\u00f3n de comandos en la forma en que procesa los argumentos proporcionados por el usuario. Cuando se invoca una funci\u00f3n a trav\u00e9s de HTTP, el runtime lee el encabezado X-Nuclio-Arguments e incorpora directamente su valor en comandos de shell sin ninguna validaci\u00f3n o saneamiento. Este problema ha sido parcheado en la versi\u00f3n 1.15.20."}], "id": "CVE-2026-29042", "lastModified": "2026-03-10T19:32:49.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-06T07:16:01.743", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nuclio/nuclio/commit/5352d7e16cf92f4350a2f8d806c4b80b626b5c5a"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/nuclio/nuclio/pull/4030"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/nuclio/nuclio/releases/tag/1.15.20"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/nuclio/nuclio/security/advisories/GHSA-95fj-3w7g-4r27"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-75"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.15.20)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "nuclio", "source": "cna", "vendor": "nuclio"}, "product": "nuclio", "vendor": "nuclio"}], "analysis": {"en": {"generated_at": "2026-04-16T11:28:58.363704+00:00", "value": {"mitigation_remediation": ["Deploy Nuclio\u202f1.15.20 or later, which removes the unsanitized concatenation of the X\u2011Nuclio\u2011Arguments header into shell commands.", "Re\u2011evaluate any functions that currently use the Shell Runtime or accept the X\u2011Nuclio\u2011Arguments header, ensuring they are protected by proper authentication and authorization or refactored to eliminate the insecure input handling.", "If an upgrade cannot be performed immediately, restrict the exposure of the affected functions to trusted sources only, block the X\u2011Nuclio\u2011Arguments header for unauthenticated requests, or disable the Shell Runtime component entirely."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Nuclio, Version 1.15.20 introduced the fix. All versions of Nuclio older than 1.15.20 are affected. The flaw exists within the Nuclio Shell Runtime component that processes HTTP requests to user\u2011defined serverless functions. Vendors or users deploying versions older than 1.15.20 in any environment\u2014including Kubernetes, Docker, or bare\u2011metal installations\u2014are susceptible to exploitation.", "description_and_impact": "The Shell Runtime component of Nuclio accepts a custom HTTP header, X\u2010Nuclio\u2010Arguments, which is directly concatenated into shell commands without sanitization. This omission allows an attacker who can send an HTTP request to the function endpoint to inject arbitrary shell instructions, thereby achieving remote code execution and potentially escalating privileges on the host that runs the Nuclio server. The vulnerability is an instance of command injection originating from insecure handling of user input.", "risk_and_exploitability": "The CVSS score of 8.9 indicates a high severity with potential for complete system compromise. The EPSS value of less than 1\u202f% suggests that, although the flaw is severe, its exploitation frequency remains low, possibly due to a limited attack surface. Nuclio does not list this vulnerability in the CISA KEV catalog, but the lack of exposure does not reduce the risk for an attacker who can reach the vulnerable HTTP endpoint. Exploitation requires the ability to send crafted HTTP requests to a function; normally the X\u2011Nuclio\u2011Arguments header can be controlled by an authenticated or unauthenticated user depending on the function\u2019s access settings, implying that privilege escalation is possible if the function runs with elevated rights."}}}}, "created": "2026-03-06T14:55:30.734141+00:00", "updated": "2026-04-16T11:30:15.910762+00:00", "vendors": ["nuclio", "nuclio$PRODUCT$nuclio"]}