CVE ID : CVE-2026-26009
Published : Feb. 10, 2026, 7:16 p.m. | 44 minutes ago
Description : Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Published : Feb. 10, 2026, 7:16 p.m. | 44 minutes ago
Description : Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…