CVE-2026-36365
Published: Mon, 04 May 2026 16:16
Summary
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions
Details
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp
Are YOU affected by CVE-2026-36365?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether CVE-2026-36365 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
References
- https://github.com/Lymphatus/caesium-image-compressor
- https://github.com/Lymphatus/caesium-image-compressor/blob/main/src/utils/PostCompressionActions.cpp
- https://github.com/Lymphatus/caesium-image-compressor/pull/376
- https://github.com/mertsatilmaz/vulnerability-research/blob/main/advisories/CVE-2026-36365.md
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.