Key Vulnerability Information

Vulnerability Title
Remote Code Execution as Root via Containerized Install Script Execution

Severity
Critical (10.0/10)

Affected Versions
Package: catalyst-agent
Affected versions: all

Patched Versions
Patched versions: patch commit link

Description
Summary: Install scripts defined in server templates execute directly on the host operating system as via , with no sandboxing or containerization. Any user with or permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster.

Details
Details: The agent's function in executes template install scripts on the bare host.

Exploitation Steps (PoC)
1. Create a malicious template:
2. Create a server using the malicious template:
3. Trigger Installation:

Impact
Impact: Full root-level remote code execution on any node machine in the Catalyst cluster.