Komari Cross-Site WebSocket Hijacking Vulnerability Allowing Remote Code Execution

Vulnerability

A Cross-Site WebSocket Hijacking vulnerability has been identified in Komari versions prior to 1.0.4-fix1. The issue arises because the WebSocket upgrader had origin checking disabled, so any third-party website could open a connection to the terminal WebSocket endpoint from a logged-in user's browser, which attaches the user's cookies automatically. This could lead to remote code execution on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Komari is running.

Reproduction

To reproduce this vulnerability, log into a Komari instance and host an HTML page that sends a WebSocket request to the terminal endpoint, including the necessary cookies. When the page is visited, the WebSocket connection will be established, and commands can be sent to the server for execution.

Remediation

Users can upgrade to Komari version 1.0.4-fix1 to address this vulnerability.
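
The weak upgrader setting described above, placed beside two hardened origin checks, as an added example that is not Komari's code. It assumes, as the advisory's wording suggests, a Go WebSocket upgrader with a CheckOrigin-style callback; the handler, hostnames, path, cookie and origins are constructed placeholders, and the example uses only the standard library so it runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// disabledOriginCheck is the weak setting the advisory describes: the
// upgrader accepts a handshake from any Origin, so a page on a third-party
// site can open the terminal WebSocket with the victim's cookies attached.
func disabledOriginCheck(_ *http.Request) bool {
	return true
}

// sameOriginCheck is the hardened form: the Origin header, when present,
// must name the same host (and port) the request was sent to. A missing
// Origin is allowed because browsers always send it on WebSocket handshakes,
// so its absence indicates a non-browser client with no ambient cookie risk.
// An unparsable or "null" Origin is rejected.
func sameOriginCheck(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" {
		return false
	}
	return strings.EqualFold(u.Host, r.Host)
}

// allowListCheck is the stricter variant for deployments behind a reverse
// proxy, where r.Host may have been rewritten: only explicitly configured
// origins (scheme + host + optional port) are accepted.
func allowListCheck(allowed []string) func(*http.Request) bool {
	set := make(map[string]struct{}, len(allowed))
	for _, a := range allowed {
		set[strings.ToLower(a)] = struct{}{}
	}
	return func(r *http.Request) bool {
		origin := r.Header.Get("Origin")
		if origin == "" {
			return true
		}
		_, ok := set[strings.ToLower(origin)]
		return ok
	}
}

// terminalHandler is a hypothetical handler in front of a terminal WebSocket
// endpoint. It runs the origin check before the upgrade; the upgrade itself
// is stood in for by a 200 response so the gate can be exercised offline.
func terminalHandler(check func(*http.Request) bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !check(r) {
			http.Error(w, "forbidden: cross-site WebSocket handshake", http.StatusForbidden)
			return
		}
		// A real handler would call the upgrader here and attach the
		// resulting connection to the terminal session.
		w.WriteHeader(http.StatusOK)
	}
}

// newHandshake builds a constructed WebSocket handshake request; the host,
// path, cookie and origins used with it are placeholders, not Komari's real routes.
func newHandshake(host, origin string) *http.Request {
	r, _ := http.NewRequest(http.MethodGet, "http://"+host+"/ws/terminal-placeholder", nil)
	r.Host = host
	r.Header.Set("Connection", "Upgrade")
	r.Header.Set("Upgrade", "websocket")
	r.Header.Set("Cookie", "session=constructed-session-cookie")
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	cross := newHandshake("komari.example", "https://third-party.example")
	fmt.Println("disabled check admits cross-site handshake:", disabledOriginCheck(cross))
	fmt.Println("same-origin check admits cross-site handshake:", sameOriginCheck(cross))
	fmt.Println("allow-list check admits cross-site handshake:",
		allowListCheck([]string{"https://komari.example"})(cross))
}
```

The same-origin check is the right default for a single-host deployment; behind a TLS-terminating proxy that rewrites Host, prefer the allow-list so the comparison does not depend on a header the proxy controls. Either way the check must run before the upgrade, because after the handshake the cookie-authenticated session is already bound to the socket.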

Added: Aug 18, 2025, 6:18 PM
Updated: Aug 18, 2025, 8:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.7
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.