{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T20:08:07.440","vulnerabilities":[{"cve":{"id":"CVE-2026-0762","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-01-23T04:16:02.973","lastModified":"2026-02-18T16:41:56.887","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the stream_daas function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27956."},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código por deserialización de datos no confiables en GPT Academic stream_daas. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de GPT Academic. Se requiere interacción con un servidor DAAS malicioso para explotar esta vulnerabilidad, pero los vectores de ataque pueden variar dependiendo de la implementación.\n\nLa falla específica existe dentro de la función stream_daas. El problema se debe a la falta de validación adecuada de los datos proporcionados por el usuario, lo que puede resultar en la deserialización de datos no confiables. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de root. Fue ZDI-CAN-27956."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:binary-husky:gpt_academic:3.91:*:*:*:*:*:*:*","matchCriteriaId":"E6552037-FD85-48BB-A474-C85A10783308"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-028/","source":"zdi-disclosures@trendmicro.com","tags":["Mitigation","Third Party Advisory"]}]}}]}