The vulnerability arises from improper sanitization of the category input in the /set_personality_config endpoint. By exploiting this, an attacker can manipulate the file path to overwrite the configs/config.yaml file. This allows the attacker to change server configurations, enabling remote code execution through the /execute_code endpoint.

An attacker sends a crafted POST request to the /set_personality_config endpoint with an empty category and a manipulated name to overwrite the configs/config.yaml file. The attacker then restarts the service to apply the new configuration, which disables code validation and allows remote code execution. Finally, the attacker sends a POST request to the /execute_code endpoint to run arbitrary code on the server.

Users running version 9.4.0 of the software who expose the /set_personality_config endpoint are affected by this vulnerability.