Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Bleon API Gateway Deployment Tool Allows Root Access
CVE-2026-27208
Summary
A security issue in the Bleon API Gateway Deployment Tool version 1.0.0 allows attackers to execute commands with root privileges. This could lead to unauthorized changes to the system. Update to version 1.0.1 to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| bleon-ethical | api-gateway-deploy | 1.0.0 | – |
Original title
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to ...
Original description
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a container escape and unauthorized infrastructure modifications. This is fixed in version 1.0.1 by implementing strict input sanitization and secure delimiters in entrypoint.sh, enforcing a non-root user (appuser) in the Dockerfile, and establishing mandatory security quality gates.
nvd CVSS3.1
7.8
Vulnerability type
CWE-78
OS Command Injection
CWE-88
CWE-250
CWE-269
Improper Privilege Management
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026