fofolee uTools-quickcommand Improper Certificate Validation Vulnerability

Vulnerability

A vulnerability exists in fofolee uTools-quickcommand version 5.0.3 due to improper validation of TLS/SSL certificates. The application disables certificate validation in the HTTPS agent configuration for Axios, allowing man-in-the-middle attackers to spoof servers and intercept sensitive data.

Impact

Exploitation of this vulnerability could lead to man-in-the-middle attacks, where an attacker could intercept and potentially alter communications between the user and a server.

Added: Feb 23, 2026, 4:35 PM

Updated: Feb 23, 2026, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.1

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.1

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

fofolee uTools-quickcommand Improper Certificate Validation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating