Share
## https://sploitus.com/exploit?id=8D6F4EBC-F42C-5159-9453-27EB3D10182A
# CVE-2026-26215 - manga-image-translator Pickle Deserialization RCE
## ๐ค Author
### Mohammed Idrees Banyamer
Instagram: @banyamer_security
GitHub: @mbanyamer





**Proof-of-Concept exploit for CVE-2026-26215** - Unauthenticated Remote Code Execution via unsafe Pickle deserialization in **manga-image-translator โค beta-0.3**.
---
## ๐จ Vulnerability Description
**CVE-2026-26215** is an unauthenticated remote code execution vulnerability in **manga-image-translator** versions โค beta-0.3 running in shared API mode.
The endpoints `/execute/{method_name}` and `/simple_execute/{method_name}` deserialize attacker-controlled request bodies using `pickle.loads()` without any validation. The nonce-based authentication mechanism is completely bypassed as it defaults to an empty string.
This allows:
- **Unauthenticated RCE** in server context
- **No user interaction** required
- **Full server compromise**
---
## ๐ฏ Affected Versions
| Status | Version |
|--------|---------|
| โ **Vulnerable** | manga-image-translator โค beta-0.3 |
| โ
**Patched** | Not yet released |
**Tested on:** Docker (zyddnys/manga-image-translator:main), Linux
---
## ๐ฅ Impact
| Vector | Description |
|--------|-------------|
| **CVSS v4** | 9.3 (Critical) - AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H |
| **Authentication** | None - Completely unauthenticated |
| **Attack Vector** | Network |
| **Complexity** | Low |
---
## ๐ฌ Technical Details
### Root Cause
1. **Unsafe deserialization** - `pickle.loads(await request.body())` called directly on attacker input
2. **Authentication bypass** - `self.nonce` defaults to `None`, skipping the nonce check entirely
3. **No input validation** - No restrictions on pickle payload size or content
4. **Public endpoints** - `/execute/` and `/simple_execute/` exposed without proper access controls
### Vulnerability Flow
```mermaid
graph LR
A[Attacker crafts malicious pickle payload] --> B[Sends POST request to /execute/translate]
B --> C[Server calls pickle.loads on request body]
C --> D[__reduce__ method executes]
D --> E[os.system called with attacker command]
E --> F[Remote code execution]