
33 matches found

Vulnrichment
added 2026/05/13 9:5 p.m., 9 views

CVE-2026-44425 ShellHub: Crash-DoS via field injection in filter and sort-by parameters

ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00253
Exploits: 1, References: 1
Cvelist
added 2026/05/13 9:5 p.m., 30 views

CVE-2026-44425 ShellHub: Crash-DoS via field injection in filter and sort-by parameters

ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...

CVSS: 5.4, EPSS: 0.00253
Exploits: 1, References: 1
CNNVD
added 2026/05/13 12:0 a.m., 7 views

ShellHub security vulnerability

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/sessions/:uid request, which returned a complete session object for any...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00246
Exploits: 1, References: 1
CNNVD
added 2026/05/13 12:0 a.m., 6 views

ShellHub input validation error vulnerability

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the device list endpoint accepting user-controlled identifiers as...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00253
Exploits: 1, References: 2
CNNVD
added 2026/05/13 12:0 a.m., 6 views

ShellHub security vulnerability

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/devices/:uid request, which returned the complete device object for any...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00246
Exploits: 1, References: 1
CNNVD
added 2026/05/13 12:0 a.m., 8 views

ShellHub security vulnerability

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/namespaces/:tenant request, which returned complete namespace objects, including...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00308
Exploits: 1, References: 1
Positive Technologies
added 2026/05/07 12:0 a.m., 7 views

PT-2026-38347

Name of the Vulnerable Software and Affected Versions IBM SDI versions 7.2.0.0 through 7.2.0.14 IBM Security Directory Integrator versions 10.0.0.0 through 10.0.0.2 Description A remote attacker can obtain sensitive information when the system returns detailed technical error messages in the...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00385
Exploits: 0, References: 4
OSV
added 2026/05/06 11:28 p.m., 2 views

GHSA-47R2-V3X6-WFF9 ShellHub has crash-DoS via field injection in filter and sort-by parameters

Summary The device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without validation: 1. The name field of each filter property in the base64-encoded filter query parameter. 2. The sortby query parameter. Any...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00253
Exploits: 1, References: 3
Github Security Blog
added 2026/05/06 11:28 p.m., 6 views

ShellHub has crash-DoS via field injection in filter and sort-by parameters

Summary The device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without validation: 1. The name field of each filter property in the base64-encoded filter query parameter. 2. The sortby query parameter. Any...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00253
Exploits: 1, References: 3, Affected Software: 1
Snyk
added 2026/05/06 11:22 p.m., 6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetSession function. An attacker can access sensitive SSH session data belonging to other tenants by providing a valid session UID and authenticating with any user account...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00246
Exploits: 1, References: 2
Positive Technologies
added 2026/05/06 12:0 a.m., 8 views

PT-2026-38315

Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description The device list endpoint accepts user-controlled identifiers that are passed directly as BSON/SQL keys in the database layer without validation. This occurs in the name field of each filter propert...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00253
Exploits: 1, References: 6
Circl
added 2026/04/29 11:48 p.m., 6 views

CVE-2026-44425

creationtimestamp | type | source
---|---|---
2026-04-29 23:48:30+00:00 | published-proof-of-concept | https://github.com/shellhub-io/shellhub/security/advisories/GHSA-47r2-v3x6-wff9...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00253
Exploits: 1, References: 1
Circl
added 2026/04/29 10:11 p.m., 5 views

CVE-2026-44423

creationtimestamp | type | source
---|---|---
2026-04-29 22:11:24+00:00 | published-proof-of-concept | https://github.com/shellhub-io/shellhub/security/advisories/GHSA-9w9c-9w8m-w89q...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00246
Exploits: 1, References: 1