VYPR
Critical severity 9.6 · OSV Advisory · Published Jan 30, 2026 · Updated Apr 15, 2026

CVE-2026-25130

Description

Cybersecurity AI (CAI) is a framework for AI security. In versions up to and including 0.5.10, the framework contains multiple argument injection vulnerabilities in its function tools: user-controlled input is passed directly to shell commands via subprocess.Popen() with shell=True, allowing attackers to execute arbitrary commands on the host system. The find_file() tool executes without requiring user approval because find is considered a "safe" pre-approved command, so an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (such as -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.
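As an added hardening example (not code from the CAI project), the wrapper below shows the shape a fix for the mechanism described above can take: tokenise the tool input with shlex.split, accept only an allowlist of find predicates, and invoke find with an argument list rather than a shell string. ALLOWED_PREDICATES, UNARY, build_find_argv and find_file_safe are names chosen for this example and are assumptions, not project identifiers.

```python
import shlex
import subprocess

# Predicates this wrapper is willing to forward to find. Allowlisting (an
# assumption of this example) means a new find action is rejected by default
# instead of having to be remembered in a denylist.
ALLOWED_PREDICATES = {
    "-name", "-iname", "-path", "-ipath", "-type", "-size", "-mtime",
    "-mmin", "-maxdepth", "-mindepth", "-empty",
    "-not", "!", "-and", "-a", "-or", "-o", "(", ")",
}
# Predicates that consume exactly one following value.
UNARY = {"-name", "-iname", "-path", "-ipath", "-type", "-size",
         "-mtime", "-mmin", "-maxdepth", "-mindepth"}


def build_find_argv(file_path: str, args: str = "") -> list[str]:
    """Validate tool input and return an argv list; raise ValueError to fail closed."""
    if not file_path or file_path.startswith("-"):
        raise ValueError("file_path must be a path, not an option")
    tokens = shlex.split(args)  # respects quoting; no shell is involved
    argv = ["find", file_path]
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok not in ALLOWED_PREDICATES:
            raise ValueError(f"predicate not allowed: {tok!r}")
        argv.append(tok)
        if tok in UNARY:
            # The value must be present and must not itself look like a flag;
            # this also rejects a predicate smuggled in as the value.
            if i + 1 >= len(tokens) or tokens[i + 1].startswith("-"):
                raise ValueError(f"{tok} needs a plain value")
            argv.append(tokens[i + 1])
            i += 1
        i += 1
    return argv


def find_file_safe(file_path: str, args: str = "") -> str:
    """Same call shape as find_file(): run the validated argv with shell=False."""
    try:
        argv = build_find_argv(file_path, args)
    except ValueError as exc:
        return f"Error: {exc}"
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return result.stdout if result.returncode == 0 else f"Error: {result.stderr}"
```

Because validation happens before any process is started, a rejected `args` string never reaches subprocess at all.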

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
cai-framework (PyPI) | <= 0.5.10 |

Patches

e22a1220f764

Merge commit from fork

https://github.com/aliasrobotics/cai · xelitte · Jan 30, 2026 · via ghsa
1 file changed · +13 -0
  • src/cai/tools/reconnaissance/filesystem.py · +13 -0 · modified
    @@ -5,6 +5,14 @@
     from cai.tools.common import run_command  # pylint: disable=E0401
     from cai.sdk.agents import function_tool
     
    +# Dangerous flags that enable RCE, file writes, or file deletion
    +DANGEROUS_FIND_FLAGS = {
    +    "-exec", "-execdir", "-ok", "-okdir",
    +    "-delete",
    +    "-fprintf", "-fprint", "-fls", "-fprint0",
    +    "-print0",
    +}
    +
     @function_tool
     def list_dir(path: str, args: str = "", ctf=None) -> str:
         """
    @@ -61,5 +69,10 @@ def find_file(file_path: str, args: str = "", ctf=None) -> str:
         """
         Find a file in the filesystem.
         """
    +    # Block dangerous flags that enable RCE, file writes, or deletion
    +    for flag in DANGEROUS_FIND_FLAGS:
    +        if flag in args:
    +            return f"Error: DANGEROUS flag '{flag}' is not allowed"
    +    
         command = f'find {file_path} {args}'
         return run_command(command, ctf=ctf)
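Review bot: `if flag in args` is a plain substring test on the raw string, and the command is still assembled as `f'find {file_path} {args}'` and handed to run_command, which the advisory says runs through a shell; `file_path` is not checked at all, and the denylist does nothing about shell metacharacters in either parameter, so the underlying injection path remains. Suggest tokenising with shlex.split, validating every token against an allowlist, and invoking find with an argument list rather than a shell string. Minor: the `+    ` line before `command = ...` carries trailing whitespace.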
    
