High severity8.8NVD Advisory· Published May 13, 2026· Updated May 14, 2026
CVE-2026-45229
CVE-2026-45229
Description
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the config_data dictionary. Attackers can exploit insufficient deny-list filtering to permanently replace stored login credentials, lock out legitimate administrators, and gain persistent access to all configured tasks, cloud tokens, and notification services.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <0.8.5
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.