Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
RustFly 2.0.0 Remote Control Allows Malicious Commands
CVE-2026-27476
Summary
RustFly's remote control feature accepts commands without checking them for safety. This allows hackers to send commands that can harm the system. Update RustFly to a fixed version to prevent this.
Original title
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send ...
Original description
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the target system, including reverse shell establishment and command execution.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-78
OS Command Injection
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026