CVE-2026-47161: RELATE Vulnerable to Remote Code Execution (RCE) via Insecure Celery Pickle Deserialization
RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host server. Combined with missing network isolation in the code execution sandbox, this allows an authenticated student to achieve full Remote Code Execution (RCE) on the host system. Commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb fixes the issue.
HarborGuard Analysis
Synopsis
An insecure deserialization vulnerability in RELATE LMS allows an authenticated attacker to achieve remote code execution on the host server. The flaw stems from Celery workers accepting and deserializing untrusted pickle data without validation; an attacker who can reach the message broker can send a crafted payload that runs arbitrary commands. The CVSS v4.0 score is 8.7 (High), and no fix version has been published yet. HarborGuard is tracking the upstream advisory and will make a patched-image rebuild available as soon as a fix is released.
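The root cause described above is a serializer setting, not a bug in any one task: a Celery worker whose `accept_content` list includes pickle will unpickle whatever arrives on the broker, so broker reachability becomes code execution. The following audit helper is an added example (not code from RELATE or HarborGuard). It inspects a Celery settings mapping, flags any setting that still admits pickle, and shows a constructed weak configuration beside its hardened form. It assumes Celery 4+ lowercase setting names (and their Django `CELERY_`-namespaced uppercase forms), and that Kombu registers the pickle serializer under the names `pickle` and `application/x-python-serialize`.

```python
"""Audit Celery serializer settings for pickle acceptance.

Added example, not RELATE's or HarborGuard's code. The two settings
dicts at the bottom are constructed illustrations.
"""
from typing import Any, Mapping

# Names under which Kombu exposes the pickle serializer (assumption: Kombu's
# registered alias and its MIME type).
PICKLE_ALIASES = {"pickle", "application/x-python-serialize"}

# Settings that decide which payloads a worker or client will deserialize,
# keyed by the Celery 4+ lowercase name with the Django-namespaced
# (namespace="CELERY") uppercase equivalent beside it.
SETTING_KEYS = {
    "accept_content": "CELERY_ACCEPT_CONTENT",
    "result_accept_content": "CELERY_RESULT_ACCEPT_CONTENT",
    "task_serializer": "CELERY_TASK_SERIALIZER",
    "result_serializer": "CELERY_RESULT_SERIALIZER",
}


def pickle_findings(settings: Mapping[str, Any]) -> list[str]:
    """Return one finding per setting that admits pickle.

    A key that is absent is treated as Celery 4+'s default (json only)
    and produces no finding; that assumption does not hold for Celery 3.x,
    where accept_content defaulted to several serializers including pickle.
    """
    findings: list[str] = []
    for key, django_key in SETTING_KEYS.items():
        value = settings.get(key, settings.get(django_key))
        if value is None:
            continue
        # Serializer settings are a single name; accept lists are iterables.
        values = [value] if isinstance(value, str) else list(value)
        offending = sorted(v for v in values if str(v).lower() in PICKLE_ALIASES)
        if offending:
            findings.append(f"{key} allows {', '.join(offending)}")
    return findings


def is_hardened(settings: Mapping[str, Any]) -> bool:
    """True when no serializer setting admits pickle."""
    return not pickle_findings(settings)


# Constructed example of the weak shape described in the advisory:
# the worker accepts and emits pickle payloads.
WEAK_SETTINGS = {
    "accept_content": ["json", "pickle"],
    "task_serializer": "pickle",
    "result_serializer": "pickle",
}

# Constructed hardened counterpart: json everywhere, for tasks and results.
HARDENED_SETTINGS = {
    "accept_content": ["json"],
    "result_accept_content": ["json"],
    "task_serializer": "json",
    "result_serializer": "json",
}


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(f"{label}: hardened={is_hardened(cfg)} findings={pickle_findings(cfg)}")
```

Run the audit against the settings module a deployment actually loads (for Django, the object `settings` after configuration) rather than against the repository defaults; an environment-specific override is exactly where a pickle entry tends to survive. A clean result here only closes the deserialization half of the issue; broker reachability from untrusted network segments still needs the network-policy controls discussed later in this advisory.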
HarborGuard Coverage
- Detection: Available
Detection for CVE-2026-47161 is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle RELATE.
- Triage: Available
Triage is available using the CVSS v4.0 score of 8.7 (High), with per-environment compliance policy weighting to determine urgency and routing. Findings are routed to the appropriate team inbox within each customer organization based on configured policy rules.
- Remediation: Pending upstream
Because no fix version has been published, HarborGuard re-checks the upstream advisory on every ingest cycle and will make a patched-image rebuild available the moment a fix is released. In the interim, customers can apply compensating controls such as network-policy isolation around Celery broker endpoints and egress filtering on worker nodes.
Exploit Conditions
- Network reachability: Required
The attacker must be able to reach the Celery message broker over the network to deliver a malicious serialized payload.
- Authentication: Required
Any low-privilege account (such as a student account) is sufficient to initiate the exploit path; no administrative access is needed.
- Victim interaction: Not required
No victim action is required; the attacker submits the payload directly to the broker without social engineering.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, special memory layout, or other unpredictable environmental factors.
Blast Radius
- Reads any data accessible on the host system, including environment variables, credentials, and stored course records.
- Modifies or deletes files and persisted database rows reachable from the compromised worker process.
- Executes arbitrary operating system commands on the host server, enabling installation of backdoors or lateral movement tools.
- Crashes or disrupts the RELATE application and its Celery worker pool, taking the courseware offline for all users.
How HarborGuard Handles This
Available on HarborGuard: since no upstream fix exists for CVE-2026-47161 at this time, the platform re-evaluates the advisory on every ingest cycle and will automatically queue a patched-image rebuild the moment a fix commit or release tag is published. While waiting for an upstream patch, customers can reduce exposure by applying Kubernetes network policies that restrict access to the Celery broker (Redis or RabbitMQ) to only authorized worker pods, by enabling egress filtering on worker nodes to limit outbound command-and-control paths, and, if the platform supports it, by disabling or gating the code execution sandbox feature via a feature flag until a fix is available. For customers with auto-remediation enabled, a rebuilt image, a regression-test run, and a PR opened against affected workloads will be triggered automatically once the fix is ingested.
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
  - inducer/relate < d66ba5659b459bf1ba56b7109b5f9ecf197cbefb
- Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N