Vulnerability Description
emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code execution on the operator host. This vulnerability is fixed in 3.21.1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jm33-M0 | Emp3R0R | < 3.21.1 |
Related Weaknesses (CWE)
References
- https://github.com/jm33-m0/emp3r0r/commit/0cd64e4a26e7839a9a54bca3d756a665fcb7fdPatch
- https://github.com/jm33-m0/emp3r0r/releases/tag/v3.21.1ProductRelease Notes
- https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-h5p4-4xp4-vjppExploitVendor Advisory
FAQ
What is CVE-2026-26068?
CVE-2026-26068 is a vulnerability with a CVSS score of 9.9 (CRITICAL). emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into ...
How severe is CVE-2026-26068?
CVE-2026-26068 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-26068?
Check the references section above for vendor advisories and patch information. Affected products include: Jm33-M0 Emp3R0R.