PatchSiren cyber security CVE debrief
CVE-2026-10042 zyddnys CVE debrief
CVE-2026-10042 documents a critical remote code execution vulnerability in manga-image-translator, an open-source tool for translating text in manga images. The vulnerability exists in the shared API server mode, specifically within the share.py module, where two HTTP endpoints—/execute/{method_name} and /simple_execute/{method_name}—unsafely deserialize attacker-controlled request bodies using Python's pickle.loads(). This deserialization of untrusted data allows remote attackers to execute arbitrary code in the server process. When deployed using the default Docker configuration running as root, this results in full container compromise. The vulnerability was disclosed on May 29, 2026, with a CVSS 4.0 score of 9.2 (Critical). The root cause is classified under CWE-502 (Deserialization of Untrusted Data). A fix has been committed to the project's repository.
- Vendor
- zyddnys
- Product
- manga-image-translator
- CVSS
- CRITICAL 9.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-29
- Original CVE updated
- 2026-05-29
- Advisory published
- 2026-05-29
- Advisory updated
- 2026-05-29
Who should care
Organizations running manga-image-translator in shared API server mode, particularly those with exposed or containerized deployments; security teams monitoring for deserialization vulnerabilities; developers maintaining forked or customized versions of the project
Technical summary
The manga-image-translator project provides a shared API server mode for distributed image processing. In this mode, the share.py module exposes HTTP endpoints that accept serialized Python objects via POST requests. These endpoints use pickle.loads() to deserialize request bodies without validation or sanitization. Because pickle can instantiate arbitrary Python objects during deserialization, an attacker can craft a malicious payload that executes code upon loading. The /execute/{method_name} and /simple_execute/{method_name} endpoints are both affected. Successful exploitation grants code execution in the context of the server process. Default Docker deployments run as root, elevating impact to full container compromise. The vulnerability is remotely exploitable without authentication, with low attack complexity.
Defensive priority
P0
Recommended defensive actions
- Immediately upgrade manga-image-translator to the patched version containing commit d7441481a7ed3236b4e0456670a9962a8c82d94d or later
- If immediate patching is not possible, disable the shared API server mode or restrict network access to the /execute and /simple_execute endpoints to trusted hosts only
- Review Docker deployments to ensure the service does not run as root; apply principle of least privilege
- Monitor for suspicious pickle deserialization attempts in application logs
- Implement input validation to reject unexpected content types on API endpoints
- Consider replacing pickle with safer serialization formats such as JSON or MessagePack for API communications
Evidence notes
The vulnerability was reported via GitHub issue 1141 and addressed in pull request 1142, with a fix committed to the main repository. VulnCheck published a detailed advisory analyzing the unsafe pickle deserialization pattern. The NVD record reflects CVSS 4.0 vector analysis with network attack vector, low attack complexity, and high impacts to confidentiality, integrity, and availability.
Official resources
2026-05-29