CVE-2026-44425— ShellHub: Crash-DoS via field injection in filter and sort-by parameters
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| shellhub-io | shellhub | < 0.24.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44425
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ShellHub: Crash-DoS via field injection in filter and sort-by parameters
Source: NVD (National Vulnerability Database)
Vulnerability Description
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sort_by query parameter, which are then passed directly as BSON/SQL keys in the database layer without validation. Any authenticated user can craft payloads that cause the aggregation / query to fail and the API to return HTTP 500 with no body, with no rate limiting applied. This vulnerability is fixed in 0.24.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
ShellHub 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ShellHub是ShellHub开源的一个远程设备访问与管理平台。 ShellHub 0.24.2之前版本存在输入验证错误漏洞,该漏洞源于设备列表端点接受用户控制的标识符作为BSON/SQL键且未验证,允许经过身份验证的用户构造有效载荷导致聚合查询失败。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| shellhub-io | shellhub | < 0.24.2 | - |
II. Public POCs for CVE-2026-44425
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44425
请登录查看更多情报信息。
Same Patch Batch · shellhub-io · 2026-05-13 · 4 CVEs total
| CVE-2026-44423 | 6.5 MEDIUM | ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data |
| CVE-2026-44424 | 6.5 MEDIUM | ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namesp |
| CVE-2026-44426 | 6.5 MEDIUM | ShellHub: Cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses members |
IV. Related Vulnerabilities
V. Comments for CVE-2026-44425
No comments yet