Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw in Dalfox Tool Could Let Attackers Run Commands

A serious security weakness has been found in Dalfox, a tool used for scanning websites for certain types of attacks. This flaw could let unauthorised people run harmful commands on the computer running Dalfox if it is set up in a specific way. This matters because it could lead to data loss or system damage if exploited.

27 June 2026

Reference: CVE-2026-45087

1. What is being reported?

Dalfox is an open-source tool that helps find website security issues. When run in a mode that allows remote access (REST API server mode), it listens on all network addresses without requiring a password by default. Due to a flaw, attackers who can connect to this service can send specially crafted requests that make Dalfox run dangerous commands on the computer hosting it. This vulnerability has been fixed in the latest version.

2. What this means in plain English

If your organisation uses Dalfox in this remote server mode without extra security, an attacker could take control of the system running it. This could lead to loss of data, disruption of services, or further attacks on your network. Even if you do not use Dalfox yourself, if your IT provider or software supplier uses it on your behalf, you should check.

3. Could this affect a small business?

Small organisations that do not use Dalfox or similar scanning tools are unlikely to be affected. However, if your IT provider or any software you use runs Dalfox in this mode on your systems, there is a risk. It is best to confirm with your IT support.

4. What to do now

  • Check if Dalfox is used on any of your systems, especially in REST API server mode.
  • Ensure Dalfox is updated to version 2.13.0 or later where this vulnerability is fixed.
  • If Dalfox must be used, configure it to require an API key to prevent unauthorised access.
  • Ask your IT provider to review and secure any systems running Dalfox or similar tools.

5. Ask your IT provider

Are we using Dalfox in REST API server mode on any of our systems, and if so, has it been updated to the fixed version 2.13.0 or later with proper access controls?

6. Bottom line

Make sure any use of Dalfox is updated and secured to prevent attackers from running harmful commands on your systems.

Information based on NVD, CISA KEV and reputable security reporting.

Back to Vulnerability Briefs