CVE-2026-25130

{"id": "CVE-2026-25130", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2026-01-30T21:15:58.443", "references": [{"url": "https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60", "source": "security-advisories@github.com"}, {"url": "https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde", "source": "security-advisories@github.com"}, {"url": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a \"safe\" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix."}, {"lang": "es", "value": "Ciberseguridad AI (CAI) es un framework para la seguridad de la IA. En versiones hasta la 0.5.10 inclusive, el framework CAI (Ciberseguridad AI) contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n de argumentos en sus herramientas de funci\u00f3n. La entrada controlada por el usuario se pasa directamente a comandos de shell a trav\u00e9s de `subprocess.Popen()` con `shell=True`, permitiendo a los atacantes ejecutar comandos arbitrarios en el sistema anfitri\u00f3n. La herramienta `find_file()` se ejecuta sin requerir aprobaci\u00f3n del usuario porque find se considera un comando 'seguro' preaprobado. Esto significa que un atacante puede lograr Ejecuci\u00f3n Remota de C\u00f3digo (RCE) inyectando argumentos maliciosos (como -exec) en el par\u00e1metro args, eludiendo completamente cualquier mecanismo de seguridad de intervenci\u00f3n humana. El commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contiene una soluci\u00f3n."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security-advisories@github.com"}