🔐 CVE Alert

CVE-2026-13014

UNKNOWN 0.0

Remote Code Execution vulnerability in "Suspicious" application

CVSS Score
0.0
EPSS Score
0.7%
EPSS Percentile
49th

A vulnerability in Thales CERT "Suspicious" application =< 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent denial of service, the potential compromise of application secrets or integrations, and root-level execution inside the Django application container. This vulnerability has been names "Matryoshka Mail". Thales PSIRT acknowledges and thanks Lucien Doustaly (aka wlayzz) for discovering and reporting this issue.

CWE CWE-22 CWE-73 CWE-94
Vendor thales cert
Product suspicious
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for thales cert suspicious

Be the first to know when new unknown vulnerabilities affecting thales cert suspicious are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Thales CERT / Suspicious
v1.2.0 ≤ v1.3.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗
github.com: https://github.com/thalesgroup-cert/suspicious/security/advisories/GHSA-x85x-9mrm-wwvp