Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into shell commands without any validation or sanitization. This issue has been patched in version 1.15.20.
Published: 2026-03-06
CVSS: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Download Exploit for CVE-2026-29042 here:
Use Tor Browser to access .onion site.
https://sonitex.com/exploit-476-cve-2025-70218/
https://sonitex.com/exploit-105-cve-2026-2953/
https://sonitex.com/exploit-776-cve-2026-27591/