CVE-2026-8210 | aandrew-me tgpt up to 2.11.1 on Linux/macOS Update helper.go helper.Update command injection

Inserito da Angelo Barbosa | Mag 9, 2026 | CVE

A vulnerability classified as critical has been found in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection.

This vulnerability is uniquely identified as CVE-2026-8210. Local access is required to approach this attack. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8210 | aandrew-me tgpt up to 2.11.1 on Linux/macOS Update helper.go helper.Update command injection

Post correlati

CVE-2024-26581 | Linux Kernel up to 6.1.77/6.6.16/6.7.4/6.8-rc3 Netfilter nft_set_rbtree.c nft_set_rbtree Privilege Escalation

CVE-2025-9262 | wong2 mcp-cli 1.13.0 oAuth /src/oauth/provider.js redirectToAuthorization os command injection

CVE-2024-50382 | randombit Botan up to 3.5.x ghash.cpp control flow

CVE-2023-6603 | FFmpeg HLS EXT-X-MAP null pointer dereference