CVE-2026-50871: An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands by supplying crafted input.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
An OS command injection vulnerability affects the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0. The flaw is reachable over the network without any authentication, meaning any remote attacker who can reach the service can supply a crafted input to the pipeline and trigger arbitrary operating system command execution. Successful exploitation gives the attacker full control over the host process, including the ability to read, modify, or destroy data and disrupt the service. No fix version has been published yet; HarborGuard tracks this advisory and will surface a patched-image rebuild the moment an upstream fix is released.
HarborGuard Coverage
Detection of CVE-2026-50871 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Reminiscence v0.3.0.
Status: Available
Triage is available using the CVSS v3.1 base score of 9.8 (Critical), weighted against each customer organization's compliance policy to determine urgency and routing. Findings are dispatched automatically to the appropriate team inbox within the customer org based on configured escalation rules.
Status: Available
Because no upstream fix version exists for this CVE, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available immediately once the upstream maintainer publishes a corrected release. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The vulnerable component is exposed over the network, so an attacker must be able to reach the service via a standard network connection to deliver a crafted payload.
- Authentication: Not required
  No credentials or prior account access are needed; the injection endpoint is accessible to unauthenticated requests.
- Victim interaction: Not required
  The attack is fully remote and automated; no user action such as clicking a link or opening a file is needed to trigger the vulnerability.
- Attack complexity: Detail
  Attack complexity is Low, meaning the exploit is reliable and requires no special race conditions, memory layout knowledge, or other environmental prerequisites.
Blast Radius
- The attacker executes arbitrary operating system commands in the context of the Reminiscence process, gaining a foothold on the host.
- All data accessible to the application process can be read, including stored media archives, configuration files, and any credentials present on disk or in environment variables.
- The attacker can modify or delete persisted files, database records, and archived media managed by Reminiscence.
- The attacker can terminate or crash the service and any dependent processes, causing a full disruption of the archiving and export functionality.
How HarborGuard Handles This
Available on HarborGuard: images containing kanishka-linux Reminiscence v0.3.0 are flagged at Critical severity as soon as the CVE is matched during a scan cycle. Because no upstream patch exists at this time, HarborGuard monitors the advisory on every ingest pass so that a patched-image rebuild becomes available the instant a fix version is published; for customers with auto-remediation enabled, that rebuild will be followed immediately by a regression test run and a PR opened against affected workloads. In the interim, recommended compensating controls include applying Kubernetes or Docker network policies to restrict inbound access to the Reminiscence service to trusted sources only, enabling egress filtering to limit lateral movement if the process is compromised, and where operationally feasible, disabling or gating access to the media archiving and export pipeline feature until a patch is available.
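The network-policy and egress-filtering controls recommended above can be expressed as a single Kubernetes NetworkPolicy. This is an added example, not configuration from HarborGuard or the Reminiscence project; the policy name, namespaces, pod labels and listen port are assumptions to replace with the values from your own deployment.

```yaml
# Added example. Every name, label, namespace and port below is an assumption.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: reminiscence-restrict        # hypothetical policy name
  namespace: archive                 # hypothetical namespace of the workload
spec:
  podSelector:
    matchLabels:
      app: reminiscence              # assumed pod label
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only the trusted, authenticating proxy may reach the service.
    # namespaceSelector and podSelector in one entry are ANDed together.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-trusted  # hypothetical
          podSelector:
            matchLabels:
              app: auth-proxy        # hypothetical
      ports:
        - protocol: TCP
          port: 8000                 # assumed listen port
  egress:
    # DNS to the cluster resolver only.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - { protocol: UDP, port: 53 }
        - { protocol: TCP, port: 53 }
    # HTTPS to public addresses if the archiver must fetch remote content.
    # Private ranges and the link-local metadata range are excluded to
    # limit lateral movement from a compromised process.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except: [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16]
      ports:
        - { protocol: TCP, port: 443 }
```

The policy only takes effect when the cluster's network plugin enforces NetworkPolicy; on a plugin that does not, it is accepted by the API server and silently ignored.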
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H