qBittorrent fixes long-standing security flaw allowing remote code execution

bleepingcomputer.com October 31, 2024, 04:01 PM UTC

qBittorrent has fixed a significant security flaw that allowed remote code execution due to improper SSL/TLS certificate validation. This issue, present since April 2010, was resolved in version 5.0.1, released on October 28, 2024.

Because the application accepted any SSL certificate, including fake ones, attackers could perform man-in-the-middle attacks. The application now verifies certificates by default.

Despite the fix, the qBittorrent team did not adequately inform users or assign a CVE to the issue. Users are encouraged to upgrade to the latest version.

