CVE-2026-25130
Description
Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen() with shell=True, allowing attackers to execute arbitrary commands on the host system. The find_file() tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.
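The following is an added illustration, not the project's code and not the referenced fix commit: one way a tool wrapper can close this class of argument injection is to build an argv list and run it with shell=False, allowlisting which find predicates caller-supplied arguments may contain. The function names, the allowlist and the `find_file` signature are assumptions made for the example.

```python
import os
import re
import shlex
import subprocess

# Vulnerable shape described by the advisory (assumed form, not the project's code):
#   subprocess.Popen(f"find {path} -name {args}", shell=True)
# The shell re-parses that string, and because `find` is pre-approved the call runs
# with no human check, so a value such as "-exec ..." is read as a find action
# instead of a file name.

# Only these find predicates/operators may appear in caller-supplied arguments.
# Anything else starting with '-' (-exec, -execdir, -ok, -delete, -fprintf, ...)
# is rejected; numeric arguments such as "-mtime -1" are allowed separately.
ALLOWED_PREDICATES = {
    "-name", "-iname", "-path", "-type", "-size", "-mtime", "-newer",
    "-maxdepth", "-mindepth", "-not", "!", "-a", "-and", "-o", "-or", "(", ")",
}
NUMERIC_ARG = re.compile(r"-\d+")


class UnsafeFindArgument(ValueError):
    """Raised when caller input would change what find executes."""


def build_find_argv(search_path, name_pattern, extra_args=""):
    """Build an argv list for find without involving a shell.

    Every token is validated: dash-prefixed tokens must be on the allowlist or be
    plain numbers, so no action predicate can be smuggled in; the pattern and the
    path may not start with '-', which keeps them from being read as options.
    """
    if search_path.startswith("-") or not os.path.isdir(search_path):
        raise UnsafeFindArgument(f"invalid search path: {search_path!r}")
    if name_pattern.startswith("-"):
        raise UnsafeFindArgument(f"pattern looks like an option: {name_pattern!r}")

    argv = ["find", search_path, "-name", name_pattern]
    for token in shlex.split(extra_args):  # raises ValueError on unbalanced quotes
        if token.startswith("-") and token not in ALLOWED_PREDICATES \
                and not NUMERIC_ARG.fullmatch(token):
            raise UnsafeFindArgument(f"predicate not allowed: {token!r}")
        argv.append(token)
    return argv


def find_file(search_path, name_pattern, extra_args="", timeout=30):
    """Run find with shell=False; shell metacharacters in inputs stay literal."""
    argv = build_find_argv(search_path, name_pattern, extra_args)
    result = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return result.stdout.splitlines()
```

With shell=False a pattern like `a; id` reaches find as one literal `-name` value, so the remaining risk is confined to what find itself is allowed to do, which the allowlist controls.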
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cai-framework (PyPI) | <= 0.5.10 | — |
Affected products
- Range: 0.5.6, 0.5.7, 0.5.8, …
References
- github.com/advisories/GHSA-jfpc-wj3m-qw2m (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-25130 (GHSA, advisory)
- github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py (NVD, web)
- github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde (NVD, web)
- github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m (NVD, web)