CVE-2026-0773
Upsonic add_tool Deserialization Vulnerability Enables Remote Code Execution
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| upsonic | upsonic | to 2026-07-03 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical remote code execution flaw in Upsonic products. It occurs because the add_tool endpoint, which listens on TCP port 7541, does not properly validate user-supplied data. This improper validation allows an attacker to send specially crafted data that gets deserialized unsafely, enabling the attacker to execute arbitrary code remotely without needing to authenticate. [1]
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to execute arbitrary code on the affected Upsonic installation remotely, with the same privileges as the service account running the Upsonic application. This can lead to full compromise of the system, including data theft, service disruption, or further attacks within the network. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring network traffic for connections to TCP port 7541, which is the default port for the vulnerable add_tool endpoint in Upsonic. Commands such as 'netstat -an | grep 7541' on the affected system can help identify if the service is listening on this port. Additionally, using network scanning tools like 'nmap -p 7541 <target-ip>' can check if the port is open and accessible. Monitoring for unusual or unauthorized requests to this port may also indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to TCP port 7541 by implementing firewall rules to limit exposure only to trusted networks or hosts. If possible, disable the add_tool endpoint or the Upsonic service until a patch or update is available. Monitoring logs for suspicious activity targeting this port and applying any vendor-provided patches or updates as soon as they are released are also recommended. [1]