tclahr/uac

GitHub

github.com

tclahr.github.io

Releases45

Frequency1 month 2 weeks

Last Release about 2 months ago

Stars1.38K

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-40032 ↗	Apr 8, 2026Wednesday, 8 April 2026, 22:16	7.8 HIGH	—
UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell metacharacters or command substitutions through attacker-controlled inputs including %line% values from foreach iterators and %user% / %user_home% values derived from system files to achieve arbitrary command execution with the privileges of the UAC process.