Security researchers from Wiz have discovered a high-severity vulnerability in Nuclei, a popular open-source vulnerability scanner used by the cybersecurity community. The flaw allows attackers to bypass security checks and potentially execute malicious code on systems running the scanner.
The vulnerability, tracked as CVE-2024-43405 with a CVSS score of 7.4, affects Nuclei versions from 3.0.0 (where template signature verification was introduced) through 3.3.1; version 3.3.2 contains the fix. Given Nuclei's widespread adoption, with over 21,000 GitHub stars and 2.1 million downloads, the issue has a large potential blast radius.
At the core of the problem is a parsing inconsistency between Nuclei's signature verification and its YAML parser in how they treat newline characters. The verifier locates `# digest:` lines with a multiline regular expression whose line anchors only recognise `\n`, so a carriage return (`\r`) is treated as ordinary line content; the YAML parser, by contrast, treats `\r` as a line break. Combined with the way multiple signature lines are handled, this lets an attacker append content that the verifier discards before hashing but that the YAML parser reads as part of the template, while the original signature over the benign portion stays valid.
The vulnerability specifically impacts Nuclei's code protocol, which lets a template execute commands on the host operating system. Nuclei only runs code templates that carry a valid signature from a trusted key, so a signature bypass turns what is meant to be a controlled assessment capability into a way to run unauthorised commands on the scanning host.
Technical analysis revealed three weaknesses that together enable the exploit:
- The signature regex and the YAML parser interpret newline characters differently (`\n` only versus `\n` and `\r`)
- Only the first `# digest:` line is verified when a template contains more than one
- Every matching `# digest:` line is stripped from the content before hashing, so anything swallowed by such a line is never covered by the signature
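The following Go program is an added illustration of the weakness class described above; it is not Nuclei's code and does not reproduce the project's verifier. It models the signature check with an HMAC over the template (a stand-in for the real ECDSA signature, with a constructed key), uses a multiline `# digest:` regex whose anchors only recognise `\n`, and models the YAML side with a line splitter that also breaks on `\r`. The benign template, the injected tail and the trailing-newline-insensitive canonicalisation are assumptions of this model. A second digest line with a `\r`-separated tail passes the weak check while the parser sees a `code:` block; `verifyStrict` shows one way to close the gap (reject `\r`, require exactly one digest line), which is the author's suggestion here, not the upstream patch.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// reDigest is a multiline "# digest:" matcher. In Go's RE2 syntax "." matches
// "\r", and under (?m) "$" only matches before "\n", so a physical line that
// contains "\r" is still a single line as far as this regex is concerned.
var reDigest = regexp.MustCompile(`(?m)^#\sdigest:\s.+$`)

// demoKey is a constructed key for this model; an HMAC stands in for the
// signer's real asymmetric signature so the example runs offline.
var demoKey = []byte("constructed-demo-key")

func mac(content []byte) string {
	m := hmac.New(sha256.New, demoKey)
	m.Write(content)
	return hex.EncodeToString(m.Sum(nil))
}

// canonical strips every digest line and any trailing newline run before
// hashing (the trailing-newline handling is an assumption of this model).
// Stripping every match is the "incomplete validation" weakness: whatever the
// regex swallows is invisible to the signature.
func canonical(tpl []byte) []byte {
	return bytes.TrimRight(reDigest.ReplaceAll(tpl, nil), "\n")
}

// signTemplate appends a digest line computed over the template body.
func signTemplate(body string) string {
	return body + "# digest: " + mac(canonical([]byte(body))) + "\n"
}

// verifyWeak models the flawed flow: only the first digest line is checked,
// but every digest line is removed before hashing.
func verifyWeak(tpl []byte) bool {
	first := reDigest.Find(tpl)
	if first == nil {
		return false
	}
	sig := strings.TrimPrefix(string(first), "# digest: ")
	return hmac.Equal([]byte(sig), []byte(mac(canonical(tpl))))
}

// yamlLines splits the way a YAML reader sees line breaks: "\n", "\r\n" and a
// lone "\r" all end a line. This is a model of the parser, not a YAML parser.
func yamlLines(tpl []byte) []string {
	s := strings.ReplaceAll(string(tpl), "\r\n", "\n")
	s = strings.ReplaceAll(s, "\r", "\n")
	return strings.Split(strings.TrimRight(s, "\n"), "\n")
}

// usesCodeProtocol reports whether the parser would see a top-level "code:" key.
func usesCodeProtocol(tpl []byte) bool {
	for _, l := range yamlLines(tpl) {
		if l == "code:" {
			return true
		}
	}
	return false
}

// verifyStrict is the hardening this model suggests: refuse the byte the two
// parsers disagree on, require exactly one digest line, then verify it.
func verifyStrict(tpl []byte) (bool, error) {
	if bytes.ContainsRune(tpl, '\r') {
		return false, errors.New("carriage return in template: line-break ambiguity")
	}
	if n := len(reDigest.FindAll(tpl, -1)); n != 1 {
		return false, fmt.Errorf("expected exactly one digest line, found %d", n)
	}
	return verifyWeak(tpl), nil
}

func main() {
	// Constructed benign template and a constructed injected tail.
	benign := "id: demo\ninfo:\n  name: harmless\nhttp:\n  - method: GET\n    path:\n      - '{{BaseURL}}'\n"
	signed := signTemplate(benign)
	tampered := signed + "# digest: x\rcode:\r  - engine: sh\r    source: id\n"

	fmt.Println("benign   verifies:", verifyWeak([]byte(signed)), " code block seen:", usesCodeProtocol([]byte(signed)))
	fmt.Println("tampered verifies:", verifyWeak([]byte(tampered)), " code block seen:", usesCodeProtocol([]byte(tampered)))
	ok, err := verifyStrict([]byte(tampered))
	fmt.Println("strict check on tampered:", ok, err)
}
```

The point to take from the model is that the verifier and the parser must agree on the exact bytes they consider "the template"; any byte sequence one of them treats as a separator and the other as content is a place to hide a payload, and rejecting that ambiguity outright is simpler than trying to reconcile two line-splitting rules.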
Organizations that run untrusted or community-contributed Nuclei templates are most exposed, since the bypass requires an attacker to get a crafted template onto the scanning host. Services that accept template uploads or modifications from users could be targeted, potentially leading to compromise of the scanner host or theft of the data it holds.
Users are strongly advised to update to Nuclei version 3.3.2 or later. Until the update is applied, do not run templates from untrusted sources with code-protocol execution enabled (the `-code` flag). The discovery is a reminder that tools built for security testing need the same scrutiny of their own input handling as the systems they assess.