Input validation error in SABnzbd - CVE-2020-13124
Published: August 1, 2020 / Updated: June 29, 2026
SABnzbd
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in the isFAT() function in checkdir.py and related settings handling when processing specially crafted Completed Download Folder, Nice, or IONice Parameters settings through the web interface. A remote attacker can submit specially crafted settings values to execute arbitrary code.
Exploitation requires access to the web interface. By default, the web interface is only accessible from localhost, and Windows systems are not affected.