Quark Drive Mass Assignment Flaw Grants Admin Takeover
The National Vulnerability Database has disclosed CVE-2026-45229, a high-severity mass assignment vulnerability in Quark Drive versions prior to 0.8.5. This flaw, rated 8.8 CVSS, allows authenticated attackers to fully compromise administrator accounts.
Specifically, the POST /update endpoint in Quark Drive’s web UI is susceptible. An attacker can inject an arbitrary webui object into the config_data dictionary, bypassing insufficient deny-list filtering. This leads to the permanent overwriting of stored administrator credentials.
Exploitation results in a complete lockout of legitimate administrators and persistent access to all configured tasks, cloud tokens, and notification services. This isn’t just a minor config tweak; it’s full system compromise for an attacker who already has basic authenticated access.
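The difference between deny-list and allow-list handling of config_data, as an added example that is not Quark Drive's code: the function names, the deny-list contents and every key name other than webui and config_data are assumptions, and the stored config and request body are constructed.

```python
import copy

# Constructed stored configuration; only "webui" is a name taken from the advisory.
STORED = {
    "webui": {"username": "admin", "password": "stored-hash"},
    "tasklist": [],
    "push_config": {},
}

DENY = {"username", "password"}        # constructed deny-list: blocks top-level names only
ALLOWED = {"tasklist", "push_config"}  # hypothetical keys a settings form may change


def update_denylist(stored, config_data):
    """Deny-list merge: anything not explicitly blocked is written."""
    merged = copy.deepcopy(stored)
    for key, value in config_data.items():
        if key not in DENY:
            merged[key] = value        # a nested "webui" object is not on the list
    return merged


def update_allowlist(stored, config_data):
    """Allow-list merge: only named keys are written, the rest are reported."""
    merged = copy.deepcopy(stored)
    rejected = []
    for key, value in config_data.items():
        if key in ALLOWED:
            merged[key] = copy.deepcopy(value)
        else:
            rejected.append(key)       # surface for logging and alerting
    return merged, sorted(rejected)


# Constructed request body of the kind the advisory describes.
REQUEST = {
    "tasklist": [{"name": "demo"}],
    "webui": {"username": "x", "password": "y"},
}

if __name__ == "__main__":
    weak = update_denylist(STORED, REQUEST)
    strong, rejected = update_allowlist(STORED, REQUEST)
    print("deny-list  webui:", weak["webui"])
    print("allow-list webui:", strong["webui"], "rejected:", rejected)
```

Logging the rejected keys gives defenders a server-side signal that does not depend on web-server log fields.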
What This Means For You
- If your organization uses Quark Drive, you need to check your version immediately. Patch to 0.8.5 or newer without delay. An authenticated attacker can leverage CVE-2026-45229 to completely seize control, locking out legitimate admins and gaining access to critical cloud integrations. This is a total loss of control over the application.
🛡️ Detection Rules
CVE-2026-45229 - Quark Drive POST /update Mass Assignment
```yaml
title: CVE-2026-45229 - Quark Drive POST /update Mass Assignment
id: scw-2026-05-13-ai-1
status: experimental
level: critical
description: |
  Detects the specific POST request to the /update endpoint with 'config_data' and 'webui' in the query string, indicative of the mass assignment vulnerability in Quark Drive CVE-2026-45229. This vulnerability allows attackers to overwrite administrator credentials.
author: SCW Feed Engine (AI-generated)
date: 2026-05-13
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-45229/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-method:
      - 'POST'
    uri|endswith:
      - '/update'
    # Both substrings must be present; repeating the key would be a duplicate YAML key
    cs-uri-query|contains|all:
      - 'config_data'
      - 'webui'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-45229 | Auth Bypass | Quark Drive before 0.8.5 |
| CVE-2026-45229 | Auth Bypass | POST /update endpoint |
| CVE-2026-45229 | Auth Bypass | Mass Assignment vulnerability |
| CVE-2026-45229 | Auth Bypass | Overwriting administrator credentials via webui object in config_data dictionary |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 14, 2026 at 00:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.