CVE-2026-50880
Received - Intake
Remote Code Execution in YouTransfer File Transfer

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code by supplying a crafted request.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
youtransfer youtransfer 1.0.6
CWE ID Description
CWE-UNKNOWN
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-50880 is a vulnerability in YouTransfer version 1.0.6 that allows attackers to execute arbitrary code on the server. This happens through the sendmail transport integration component when an attacker with the ability to modify email settings configures the sendmail path to a malicious executable. By crafting a specially formed sender address with a payload, the attacker can trigger command execution with the privileges of the YouTransfer process when a transfer is sent.

Impact Analysis

This vulnerability can lead to remote code execution on the server running YouTransfer, allowing an attacker to run arbitrary commands with the same privileges as the YouTransfer process. This could result in unauthorized access, data manipulation, or further compromise of the system. However, exploitation requires the attacker to have the ability to modify email settings, so environments where untrusted users cannot change these settings are less at risk.

Detection Guidance

This vulnerability can be detected by checking if the sendmail transport path in YouTransfer version 1.0.6 has been modified to an attacker-controlled executable. Specifically, look for suspicious sendmailPath settings such as "perl" or other unexpected commands.

One way to detect exploitation is to check for the presence of files created by the payload, for example, the file "/tmp/yt_perl_transport_rce" which may be created if the exploit was successful.

Suggested commands to detect potential exploitation or configuration:

  • Check the sendmailPath setting in YouTransfer configuration files or database.
  • Run: ls -l /tmp/yt_perl_transport_rce # to check if the exploit-created file exists
  • Monitor process execution or logs for unexpected commands triggered by sendmail transport.
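
The first two checks in the list above, as an added example (not code from YouTransfer or from this advisory): it walks a parsed settings document for any sendmailPath key, flags values that are not an expected sendmail binary, and tests for the marker file. The settings nesting, the allowlist of sendmail locations and the function names are assumptions.

```python
import json
import os

# Assumption: conventional sendmail locations; set this to the binary your host uses.
EXPECTED_SENDMAIL = {"/usr/sbin/sendmail", "/usr/lib/sendmail"}
# Marker file named in the detection guidance above.
MARKER = "/tmp/yt_perl_transport_rce"


def find_sendmail_paths(node, trail=""):
    """Yield (location, value) for every 'sendmailPath' key at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{trail}.{key}" if trail else key
            if key == "sendmailPath":
                yield here, value
            else:
                yield from find_sendmail_paths(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_sendmail_paths(item, f"{trail}[{i}]")


def audit_settings(settings, expected=EXPECTED_SENDMAIL):
    """Return (location, value, reason) for each sendmailPath that is not an expected binary."""
    findings = []
    for where, value in find_sendmail_paths(settings):
        if value in (None, ""):
            continue  # unset: nothing configured at this location
        if not isinstance(value, str):
            findings.append((where, value, "non-string value"))
        elif not os.path.isabs(value):
            findings.append((where, value, "bare command name, resolved via PATH"))
        elif os.path.normpath(value) not in expected:
            findings.append((where, value, "not an expected sendmail binary"))
    return findings


def marker_present(path=MARKER):
    """True if the file the guidance associates with successful exploitation exists."""
    return os.path.lexists(path)


# Constructed samples; the nesting is hypothetical, not YouTransfer's documented schema.
SAMPLE_BAD = json.loads('{"email": {"transporter": "sendmail", "sendmailPath": "perl"}}')
SAMPLE_OK = json.loads('{"email": {"sendmailPath": "/usr/sbin/sendmail"}}')

if __name__ == "__main__":
    for where, value, reason in audit_settings(SAMPLE_BAD):
        print(f"SUSPICIOUS {where}={value!r}: {reason}")
    print("marker file present:", marker_present())
```

To audit a real host, load the instance's settings with json.load and pass the result to audit_settings; an absent marker file does not rule out exploitation, since the file name depends on the payload used.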

Mitigation Strategies

Immediate mitigation steps include restricting the ability to modify email settings, especially the sendmail transport path, to trusted administrators only.

Ensure that untrusted users do not have privileges to change the sendmailPath configuration.

Review and reset the sendmail transport path to a safe, expected executable to prevent execution of arbitrary commands.

Monitor the system for any signs of exploitation, such as unexpected files or processes.
