CVE 9.3 CRITICAL

RustFly 2.0.0 Command Injection via UDP Remote Control_CVE-2026-27476

February 19, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the target system, including reverse shell establishment and command execution.

AI Analysis

Command injection vulnerability in RustFly's remote UI control mechanism

Basic Information

ID CVE-2026-27476

Source VulnCheck

Published Feb 19, 2026 at 20:43

Affected Product

Vendor Bixat

Product RustFly

Version 2.0.0

Affected Versions Bixat RustFly 2.0.0

CWE Classification

CWE-78

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Bixat

Product RustFly

Version 2.0.0

References

{
    "lastseen": "",
    "description": "RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the target system, including reverse shell establishment and command execution.",
    "published": "2026-02-19T20:43:08.963Z",
    "modified": "2026-02-19T20:43:08.963Z",
    "type": "cve",
    "title": "RustFly 2.0.0 Command Injection via UDP Remote Control",
    "source": "VulnCheck",
    "references": "https://packetstorm.news/files/id/215819/\nhttps://www.vulncheck.com/advisories/rustfly-command-injection-via-udp-remote-control",
    "id": "CVE-2026-27476",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Bixat RustFly 2.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RustFly",
    "version": "2.0.0",
    "vendor": "Bixat",
    "ai_description": "Command injection vulnerability in RustFly's remote UI control mechanism",
    "ai_severity": "Critical",
    "ai_vendor": "Bixat",
    "ai_product": "RustFly",
    "ai_version": "2.0.0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply