HIGH
uniget-org
CVE published 2026-05-27
CVE-2026-45152
CVE-2026-45152 is a command injection vulnerability in uniget, a universal installer and updater for container tools. The flaw exists in versions prior to 0.27.1 and stems from unsafe execution of the `check` field from metadata files using `/bin/bash -c`. The `check` field is loaded directly from untrusted JSON metadata without validation or sanitization, allowing an attacker to craft malicious metadata [truncated]