Vulnerability Description
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the config_data dictionary. Attackers can exploit insufficient deny-list filtering to permanently replace stored login credentials, lock out legitimate administrators, and gain persistent access to all configured tasks, cloud tokens, and notification services.
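The weakness class described above, shown as an added example that is not code from Quark Drive or from the advisory: a deny-list merge into `config_data` next to an allow-list merge. Only `webui` and `config_data` come from the description; the other keys, the deny-list contents, the function names and the sample request body are assumptions constructed for illustration.

```python
import copy

def sample_config():
    # Constructed sample; only the "webui" key is named in the advisory text.
    return {
        "webui": {"username": "admin", "password": "original-secret"},
        "crontab": "0 8 * * *",
        "tasklist": [],
        "api_token": "constructed-token",
    }

DENY_KEYS = {"api_token"}  # hypothetical deny-list that omits "webui"
EDITABLE_KEYS = {"crontab": str, "tasklist": list}  # hypothetical allow-list

def update_denylist(config_data, body):
    """Weak pattern: every key that is not explicitly denied is merged."""
    for key, value in body.items():
        if key not in DENY_KEYS:
            config_data[key] = value
    return config_data

def update_allowlist(config_data, body):
    """Hardened pattern: merge only known, type-checked keys; report the rest."""
    rejected = []
    for key, value in body.items():
        expected = EDITABLE_KEYS.get(key)
        if expected is None or not isinstance(value, expected):
            rejected.append(key)
            continue
        config_data[key] = value
    return config_data, rejected

# Constructed request body: one legitimate setting plus a webui object.
BODY = {"crontab": "0 9 * * *", "webui": {"username": "x", "password": "y"}}

def demo():
    weak = update_denylist(sample_config(), copy.deepcopy(BODY))
    strong, rejected = update_allowlist(sample_config(), copy.deepcopy(BODY))
    return weak["webui"], strong["webui"], strong["crontab"], rejected

if __name__ == "__main__":
    print(demo())
```

The `rejected` list is worth logging: a settings update that carries a `webui` key is a useful detection signal on unpatched or patched instances alike.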
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/Cp0204/quark-auto-save/commit/ea8377a596446291953dbe36e2d119d
- https://github.com/Cp0204/quark-auto-save/releases/tag/v0.8.5
- https://www.vulncheck.com/advisories/quark-drive-mass-assignment-via-post-update
FAQ
What is CVE-2026-45229?
CVE-2026-45229 is a vulnerability with a CVSS score of 8.8 (HIGH). Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui ...
How severe is CVE-2026-45229?
CVE-2026-45229 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-45229?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.