qBittorrent fixes long-standing security flaw allowing remote code execution
qBittorrent has fixed a significant security flaw that allowed remote code execution due to improper SSL/TLS certificate validation. This issue, present since April 2010, was resolved in version 5.0.1, released on October 28, 2024.
Because the application accepted any SSL certificate, including fake ones, attackers could perform man-in-the-middle attacks. The application now verifies certificates by default, enhancing user security.
Despite the fix, the qBittorrent team did not inform users adequately or assign a CVE to the issue. Users are encouraged to upgrade to the latest version to ensure their security.