Executive Summary
CVE-2026-10042 is a critical remote code execution (RCE) vulnerability (CVSS 9.8) in manga-image-translator, a Python tool for automatically translating text in manga, comics, and image-based content. The flaw exists in the tool's shared API server mode (share.py), where the /execute/{method_name} and /simple_execute/{method_name} HTTP endpoints deserialize attacker-controlled request data using Python's unsafe native binary serialization format without any validation or sanitization. Because this deserialization mechanism can invoke arbitrary Python callables, an unauthenticated attacker with network access to the server can achieve full remote code execution.
Vulnerability Details
| Field | Details |
|---|---|
| CVE | CVE-2026-10042 |
| CVSS Score | 9.8 (Critical) |
| Type | Remote Code Execution — Unsafe Python Deserialization |
| Component | share.py — shared API server mode |
| Endpoints | /execute/{method_name}, /simple_execute/{method_name} |
| Authentication | Not required |
| Attack Vector | Network |
| Impact | Full code execution on the host running the server |
Technical Analysis
Root Cause
The manga-image-translator tool includes a "share" mode that launches a local HTTP API server, intended to allow multiple clients to submit translation jobs. In share.py, the HTTP handler for the translate endpoints reads the raw HTTP request body and passes it directly to Python's native binary deserialization mechanism — without type validation, class allowlisting, or signature verification.
Python's native pickle serialization format is widely understood to be unsafe for untrusted data: a specially crafted payload can override the __reduce__ magic method to invoke arbitrary system-level callables during deserialization, resulting in code execution before any application-level validation can occur. NVD formally classifies this as CWE-502: Deserialization of Untrusted Data.
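The two defensive layers a reviewer would look for in this code path are shown below as an added example; it is not code from manga-image-translator. The first layer walks the pickle opcode stream with the standard-library `pickletools` module, which never executes anything, and rejects any stream containing opcodes that can reach a Python callable or mutate object state (`GLOBAL`, `STACK_GLOBAL`, `REDUCE`, `BUILD`, and friends). The second layer is the `Unpickler.find_class` override from the Python documentation, which refuses every global lookup so only plain containers and scalars can load. The sample payloads are constructed here: a harmless request dict, and a pickle that merely references the builtin `len`, which is enough to show how a global reference is caught.

```python
import io
import pickle
import pickletools

# Opcodes that can import a global, call it, or run __setstate__/__reduce__ logic
# during load. A request object for an API should never need any of these.
DANGEROUS_OPCODES = frozenset({
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4",
})


def dangerous_opcodes(data: bytes) -> list:
    """Return the names of risky opcodes found in `data`, executing nothing."""
    found = []
    try:
        for opcode, _arg, _pos in pickletools.genops(data):
            if opcode.name in DANGEROUS_OPCODES:
                found.append(opcode.name)
    except Exception as exc:  # truncated or malformed stream: treat as unsafe
        found.append("MALFORMED:" + exc.__class__.__name__)
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global lookup, so only builtin containers and scalars load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_loads(data: bytes, prescan: bool = True):
    """Load a pickle only if it passes the opcode scan and the restricted unpickler."""
    if prescan:
        bad = dangerous_opcodes(data)
        if bad:
            raise pickle.UnpicklingError(f"rejected opcodes: {bad}")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes, prescan: bool = True):
    """Convenience wrapper returning (ok, value_or_error_message)."""
    try:
        return True, safe_loads(data, prescan=prescan)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs.
SAFE_REQUEST = pickle.dumps({"method": "translate", "args": ["page01.png"]})
UNSAFE_REQUEST = pickle.dumps(len)  # references builtins.len via a global opcode

if __name__ == "__main__":
    print("safe request  ->", try_load(SAFE_REQUEST))
    print("global ref    ->", try_load(UNSAFE_REQUEST))
    print("unpickler only->", try_load(UNSAFE_REQUEST, prescan=False))
```

This is defence in depth for code that cannot drop pickle immediately; the real fix the advisory calls for is to stop accepting pickle on a network endpoint altogether, since `find_class` restrictions have historically been bypassed when the allowlist is anything other than empty.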
Attack Flow
1. Attacker crafts a malicious binary payload with __reduce__ override
2. Attacker sends HTTP POST to /execute/{method_name} on the share server
3. share.py reads the request body and deserializes it natively
4. Deserialization triggers the embedded callable, running arbitrary OS commands
5. Attacker achieves arbitrary code execution as the server process user
No credentials, API keys, or prior knowledge of the application are required. Any host reachable on the network with the share server running is vulnerable.
Scope
The vulnerability only affects deployments where manga-image-translator is started in shared/server mode. Standard single-machine usage that does not expose the HTTP API is not directly vulnerable, though the attack surface is relevant to any deployment — cloud, CI/CD, or shared infrastructure — where the tool is run as a service.
Affected Environments
Any system where:
- manga-image-translator is running in share/server mode (share.py)
- The HTTP API port is accessible from an untrusted network
- The service is not protected by a firewall, reverse proxy authentication, or network-level access controls
Scanning for open instances of this server on public networks is trivial given the tool's known default port behavior.
Remediation
Immediate Actions
- Disable shared server mode in any internet-facing or untrusted network environment
- Apply network controls — if the share server must run, restrict access to trusted IPs via firewall or reverse proxy authentication
- Monitor the upstream repository for a patched release that replaces unsafe deserialization with a safe alternative (e.g., JSON)
Safer Alternatives
Any replacement implementation should:
- Replace unsafe binary deserialization with a type-safe protocol (JSON, MessagePack, Protocol Buffers)
- Validate and allowlist expected method names before dispatching
- Require authentication for all API endpoints
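The three bullets above, combined in one request handler, as an added example that is not the project's own code. Method names, parameter names and the token are hypothetical, since the page does not list the tool's real API; the structure is what matters: JSON instead of pickle, an explicit method allowlist with a per-method parameter schema, and a bearer-token check using a constant-time comparison. Anything that fails validation is answered with a 4xx before any handler runs.

```python
import hmac
import json

# Hypothetical allowlist: method name -> required parameters and their JSON types.
# The real method names of manga-image-translator are not on the page.
ALLOWED_METHODS = {
    "translate": {"image_b64": str, "target_lang": str},
    "status": {"job_id": str},
}

# Constructed demo token; a real deployment loads it from config or environment.
API_TOKEN = "example-token-change-me"


class RequestError(Exception):
    """A request that must be rejected with the given HTTP status, never executed."""

    def __init__(self, message, status=400):
        super().__init__(message)
        self.status = status


def check_auth(headers: dict) -> None:
    supplied = headers.get("Authorization", "")
    expected = "Bearer " + API_TOKEN
    # Constant-time comparison so a timing side channel cannot reveal the token.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        raise RequestError("unauthorized", status=401)


def parse_request(method_name: str, body: bytes) -> dict:
    schema = ALLOWED_METHODS.get(method_name)
    if schema is None:
        raise RequestError(f"unknown method {method_name!r}")
    try:
        payload = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        # A pickle body is not valid UTF-8 JSON and lands here without being loaded.
        raise RequestError(f"malformed body: {exc.__class__.__name__}") from None
    if not isinstance(payload, dict):
        raise RequestError("body must be a JSON object")
    unexpected = set(payload) - set(schema)
    missing = set(schema) - set(payload)
    if unexpected or missing:
        raise RequestError(
            f"bad parameters: missing={sorted(missing)} unexpected={sorted(unexpected)}"
        )
    for key, typ in schema.items():
        if not isinstance(payload[key], typ):
            raise RequestError(f"parameter {key!r} must be {typ.__name__}")
    return payload


# Hypothetical handlers standing in for the real translation jobs.
HANDLERS = {
    "translate": lambda p: {"ok": True, "lang": p["target_lang"]},
    "status": lambda p: {"ok": True, "job_id": p["job_id"], "state": "queued"},
}


def handle(method_name: str, headers: dict, body: bytes):
    """Return (http_status, response_dict) for one request to /execute/{method_name}."""
    try:
        check_auth(headers)
        params = parse_request(method_name, body)
    except RequestError as exc:
        return exc.status, {"error": str(exc)}
    return 200, HANDLERS[method_name](params)


if __name__ == "__main__":
    hdrs = {"Authorization": "Bearer " + API_TOKEN}
    print(handle("translate", hdrs, b'{"image_b64": "aGk=", "target_lang": "en"}'))
    print(handle("translate", {}, b'{}'))
    print(handle("anything", hdrs, b'{}'))
```

Validation happens on the method name first, so an unknown `{method_name}` in the URL never reaches the body parser, and the schema check rejects both missing and extra keys rather than silently ignoring them.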
Detection
To identify running instances of the share server on your infrastructure:
```bash
# Review the process list for share.py invocations; the bracket keeps grep from matching itself
ps aux | grep '[s]hare.py'
# Check for unexpected listening ports and the processes that own them
ss -tlnp
```
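The two commands above answer different questions, and joining their output is what tells you whether a share.py process is actually reachable from the network. The following added example (not part of the original advisory) parses constructed `ss -tlnp` and `ps -eo pid,args` output, matches listening sockets to the command line of the owning PID, and flags any share.py listener bound to a non-loopback address. The port numbers and command lines in the samples are made up for the demonstration and are not the tool's defaults.

```python
import re

# Constructed sample output of `ss -tlnp`; ports are arbitrary.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=812,fd=7))
LISTEN 0      2048   0.0.0.0:5003        0.0.0.0:*         users:(("python3",pid=4242,fd=3))
LISTEN 0      2048   127.0.0.1:5004      0.0.0.0:*         users:(("python3",pid=4300,fd=3))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=901,fd=4))
"""

# Constructed sample output of `ps -eo pid,args`.
PS_OUTPUT = """\
  PID COMMAND
  812 /usr/sbin/cupsd -l
  901 sshd: /usr/sbin/sshd -D
 4242 python3 share.py
 4300 python3 share.py
"""

# Addresses that are only reachable from the host itself.
LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_ps(ps_output: str) -> dict:
    """Map PID -> full command line, skipping the header row."""
    pid_to_cmd = {}
    for line in ps_output.splitlines()[1:]:
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            pid_to_cmd[int(parts[0])] = parts[1]
    return pid_to_cmd


def parse_ss(ss_output: str) -> list:
    """Yield (local_addr, port, pid) for every LISTEN socket with a known owner."""
    listeners = []
    for line in ss_output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        for match in re.finditer(r"pid=(\d+)", line):
            listeners.append((addr, int(port), int(match.group(1))))
    return listeners


def find_share_servers(ss_output: str, ps_output: str, script: str = "share.py") -> list:
    """Return share.py listeners, marking those bound beyond loopback as exposed."""
    cmds = parse_ps(ps_output)
    findings = []
    for addr, port, pid in parse_ss(ss_output):
        cmd = cmds.get(pid, "")
        if script not in cmd:
            continue
        exposed = not addr.startswith(LOOPBACK_PREFIXES)
        findings.append({"pid": pid, "addr": addr, "port": port, "cmd": cmd, "exposed": exposed})
    return findings


if __name__ == "__main__":
    for finding in find_share_servers(SS_OUTPUT, PS_OUTPUT):
        flag = "EXPOSED" if finding["exposed"] else "loopback only"
        print(f"pid {finding['pid']} {finding['addr']}:{finding['port']} {flag}: {finding['cmd']}")
```

On a live host, feed it `subprocess.check_output(["ss", "-tlnp"], text=True)` and `subprocess.check_output(["ps", "-eo", "pid,args"], text=True)` in place of the samples. A listener on `0.0.0.0` or `[::]` is the case the Remediation section says to firewall or put behind an authenticating reverse proxy.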