CVE-2026-25130
- Source
- https://cve.org/CVERecord?id=CVE-2026-25130
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25130.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-25130
- Aliases
- Published
- 2026-01-30T20:15:51.772Z
- Modified
- 2026-02-05T20:48:05.731279Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool
- Details
-
Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via
subprocess.Popen()withshell=True, allowing attackers to execute arbitrary commands on the host system. Thefind_file()tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix. - Database specific
{ "cwe_ids": [ "CWE-78" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25130.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25130.json
- https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60
- https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde
- https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m
- https://nvd.nist.gov/vuln/detail/CVE-2026-25130