THREAT OPS › Threat News › [GHSA] GHSA-9jpv-c7p4-997x (critical) — DIRAC is vulnerable to RCE in RequestManager due to eval on untrusted input
[GHSA] GHSA-9jpv-c7p4-997x (critical) — DIRAC is vulnerable to RCE in RequestManager due to eval on untrusted input
GHSA-9jpv-c7p4-997x Severity: critical CVE: CVE-2026-45579
DIRAC is vulnerable to RCE in RequestManager due to eval on untrusted input
### Summary An remote code execution vulnerability exists in RequestManager due to the use of eval on untrusted input that allows any authenticated user to run code/commands on the DIRAC server as the system user running the DIRAC services.
### Details The expor
Indicators of compromise
- f7e0a3ac153315030fb3520e8ca747f013758967sha1
- CVE-2026-45579cve
- https://pypi.org/project/DIRAC/8.0.79/url
- https://pypi.org/project/DIRAC/9.0.22/url
- https://pypi.org/project/DIRAC/9.1.10/url
Original source: https://github.com/advisories/GHSA-9jpv-c7p4-997x