CVE-2026-13014
Remote Code Execution vulnerability in "Suspicious" application
A vulnerability in Thales CERT "Suspicious" application =< 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent denial of service, the potential compromise of application secrets or integrations, and root-level execution inside the Django application container. This vulnerability has been names "Matryoshka Mail". Thales PSIRT acknowledges and thanks Lucien Doustaly (aka wlayzz) for discovering and reporting this issue.
| CWE | CWE-22 CWE-73 CWE-94 |
| Vendor | thales cert |
| Product | suspicious |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Get instant alerts for thales cert suspicious
Be the first to know when new unknown vulnerabilities affecting thales cert suspicious are published — delivered to Slack, Telegram or Discord.