Key Information

CVE ID: CVE-2026-0764
CVSS Score: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors: GPT Academic
Affected Products: GPT Academic

Vulnerability Details:
- Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability.
- Specific Issue: The specific flaw exists within the upload endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root.

Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.

Disclosure Timeline:
- 2025-08-27: Vulnerability reported to vendor
- 2026-01-09: Coordinated public release of advisory
- 2026-01-09: Advisory Updated

Credit: Peter Girnus (@gothburz) of Trend Zero Day Initiative