CVE-2026-45229

🗓️ 13 May 2026 19:54:14Reported by VulnCheckType

Quark Drive before 0.8.5 allows mass assignment via POST /update to overwrite admin credentials.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-45229	13 May 202619:54	–	attackerkb
Circl	CVE-2026-45229	13 May 202623:53	–	circl
CNNVD	quark-auto-save 安全漏洞	13 May 202600:00	–	cnnvd
Cvelist	CVE-2026-45229 Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update	13 May 202619:54	–	cvelist
EUVD	EUVD-2026-30174	13 May 202621:32	–	euvd
NVD	CVE-2026-45229	13 May 202621:16	–	nvd
Positive Technologies	PT-2026-40801	13 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-45229	15 May 202601:57	–	redhatcve
Vulnrichment	CVE-2026-45229 Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update	13 May 202619:54	–	vulnrichment

Vulners

Node

cp0204 quark-auto-saveRange0–0.8.5

[
  {
    "defaultStatus": "affected",
    "vendor": "Cp0204",
    "product": "quark-auto-save",
    "repo": "https://github.com/Cp0204/quark-auto-save",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThan": "0.8.5"
      },
      {
        "status": "unaffected",
        "version": "ea8377a596446291953dbe36e2d119d85bcd865b",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/Cp0204/quark-auto-save/commit/ea8377a596446291953dbe36e2d119d85bcd865b
vulncheck	www.vulncheck.com/advisories/quark-drive-mass-assignment-via-post-update
github	www.github.com/Cp0204/quark-auto-save/releases/tag/v0.8.5

25 May 2026 23:42Current

5.9Medium risk

Vulners AI Score5.9

CVSS 48.7

CVSS 3.18.8

EPSS0.00057

SSVC

CWE-915