[GH-ISSUE #1721] Windows client mode RCE vulnerability #1195

New issue

Open

opened 2026-05-07 01:00:45 +02:00 by BreizhHardware · 1 comment

BreizhHardware commented

2026-05-07 01:00:45 +02:00

Owner

Originally created by @KazuInu on GitHub (Apr 29, 2026).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1721

🐞 Describe the bug

The Windows client mode has a RCE vulnerability since the variable strings aren't escaped (nor sanitized) on command execution.

💻 Components impacted

ntfy Windows client. Haven't tested yet with the Linux version.

💡 Screenshots and/or logs

Example client config:

default-host: https://ntfy.someserver.com
default-token: tk_some_token
subscribe:
- topic: ChannelTopic
  command: 'notify-send "Notification title" "%NTFY_MESSAGE%"'

If the client receives a specific crafted message. You can execute arbitrary code on every client using the same channel.
Ex:

With the example config above, you can use this message to open calc on any Windows client using a command to route the messages.
a" && "calc

🔮 Additional context

This mostly applies to public instances of ntfy, since you are supposed to trust the users/bots on your private servers (at least in theory).
In the config above, I used notify-send just as a example, but the problem lies in how ntfy executes the command.

Originally created by @KazuInu on GitHub (Apr 29, 2026). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1721 :lady_beetle: **Describe the bug**  The Windows client mode has a RCE vulnerability since the variable strings aren't escaped (nor sanitized) on command execution. :computer: **Components impacted**  ntfy Windows client. Haven't tested yet with the Linux version. :bulb: **Screenshots and/or logs**  Example client config: ``` default-host: https://ntfy.someserver.com default-token: tk_some_token subscribe: - topic: ChannelTopic command: 'notify-send "Notification title" "%NTFY_MESSAGE%"' ``` If the client receives a specific crafted message. You can execute arbitrary code on every client using the same channel. Ex: > With the example config above, you can use this message to open calc on any Windows client using a command to route the messages. > a" && "calc :crystal_ball: **Additional context**  This mostly applies to public instances of ntfy, since you are supposed to trust the users/bots on your private servers (at least in theory). In the config above, I used notify-send just as a example, but the problem lies in how ntfy executes the command.

BreizhHardware added the

🪲 bug

label

2026-05-07 01:00:45 +02:00

BreizhHardware commented

2026-05-07 01:00:46 +02:00

Author

Owner

@KazuInu commented on GitHub (Apr 29, 2026):

To be honest... I really hope that this is just some bad config on my part, since I haven't found any reference about this in the documentation.

@KazuInu commented on GitHub (Apr 29, 2026): To be honest... I really hope that this is just some bad config on my part, since I haven't found any reference about this in the documentation.