CVE-2026-13014
Thales CERT · Suspicious
Thales CERT "Suspicious" versions 1.2.0-1.3.4 contain a path traversal and code injection vulnerability ("Matryoshka Mail") allowing unauthenticated remote code execution.
Executive summary
An unauthenticated remote code execution vulnerability in Thales CERT "Suspicious" allows attackers to overwrite critical files and gain root access inside the application container.
Vulnerability
This vulnerability (CWE-22, CWE-73, CWE-94) allows an unauthenticated attacker to perform path traversal and arbitrary file overwriting. By manipulating file paths, an attacker can overwrite configuration files or Python modules, ultimately resulting in root-level code execution within the Django application container.
Business impact
Assessed at a 9.2 CVSS score, this vulnerability represents a severe threat to the integrity and availability of the "Suspicious" application. Successful exploitation could lead to the theft of application secrets, permanent service denial, and total compromise of the affected containerized environment.
Remediation
Immediate Action: Upgrade the Thales CERT Suspicious application to version v1.3.5 immediately.
Proactive Monitoring: Review application logs for path manipulation attempts (e.g., ../ sequences) and check for unexpected modifications to application source files or configuration artifacts.
Compensating Controls: Restrict network access to the application to trusted IP ranges only and ensure the container runs with the least-privilege principle applied to the filesystem.
Exploitation status
Public Exploit Available: No (Exploit_available: unknown)
Analyst recommendation
Given the ease of exploitation and the critical nature of the impact, organizations should move to update to v1.3.5 as their highest priority. Failure to patch leaves the application and the underlying container host highly vulnerable to remote exploitation.