From 0f37e30f28c44fc4c4e367c85099a631a412b253 Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Mon, 8 Jun 2026 22:28:17 +0200
Subject: [PATCH] security: Fix MITM RCE vulnerability in microcode scripts
 (CVE) (#15007)

Co-authored-by: Security Fix <security@community-scripts.org>
---
 tools/pve/microcode.sh     | 2 +-
 tools/pve/pbs-microcode.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/pve/microcode.sh b/tools/pve/microcode.sh
index 7024c089e..b1b236ad5 100644
--- a/tools/pve/microcode.sh
+++ b/tools/pve/microcode.sh
@@ -76,7 +76,7 @@ intel() {
   }
 
   msg_info "Downloading the Intel Processor Microcode Package $microcode"
-  curl -fsSL "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o $(basename "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode")
+  curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o "$microcode"
   msg_ok "Downloaded the Intel Processor Microcode Package $microcode"
 
   msg_info "Installing $microcode (Patience)"
diff --git a/tools/pve/pbs-microcode.sh b/tools/pve/pbs-microcode.sh
index e9cfd8bd5..0c6222899 100644
--- a/tools/pve/pbs-microcode.sh
+++ b/tools/pve/pbs-microcode.sh
@@ -90,7 +90,7 @@ intel() {
   }
 
   msg_info "Downloading Intel processor microcode package $microcode"
-  curl -fsSL "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o $(basename "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode")
+  curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o "$microcode"
   msg_ok "Downloaded Intel processor microcode package $microcode"
 
   msg_info "Installing $microcode (this might take a while)"