CVE-2026-10042
manga-image-translator RCE via Unsafe Pickle Deserialization in Share Model
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize attacker-controlled HTTP request bodies using pickle.loads(). A remote attacker can supply a crafted pickle payload to these endpoints to execute arbitrary code in the server process, resulting in full container compromise when running in the default Docker deployment as root.
| CWE | CWE-502 |
| Vendor | zyddnys |
| Product | manga-image-translator |
| Published | May 29, 2026 |
| Last Updated | May 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for zyddnys manga-image-translator
Be the first to know when new critical vulnerabilities affecting zyddnys manga-image-translator are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
zyddnys / manga-image-translator
0 โค d744148
References
github.com: https://github.com/zyddnys/manga-image-translator/issues/1141 github.com: https://github.com/zyddnys/manga-image-translator/pull/1142 github.com: https://github.com/zyddnys/manga-image-translator/commit/d7441481a7ed3236b4e0456670a9962a8c82d94d vulncheck.com: https://www.vulncheck.com/advisories/manga-image-translator-rce-via-unsafe-pickle-deserialization-in-share-model
Credits
YU SUN