CVE-2026-36044
Description
@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js child_process.exec(). Because exec() spawns a shell, shell metacharacters in those values are interpreted by the host shell, resulting in arbitrary OS command execution with the privileges of the running process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OS command injection in @pensar/apex ≤ 0.0.58 via unsanitized shell metacharacters in the smart_enumerate tool, leading to arbitrary command execution.
Vulnerability
The @pensar/apex package up to version 0.0.58 contains an OS command injection vulnerability in the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts (starting at line 1735) constructs a shell command by unsafely concatenating unsanitized values from the extensions array and the url parameter into a string passed to Node.js child_process.exec(). Because exec() spawns a shell (/bin/sh -c on Unix, cmd.exe /d /s /c on Windows), any shell metacharacters in these inputs are interpreted by the host shell, leading to arbitrary OS command execution. Affected versions are @pensar/apex <= 0.0.58. [1]
Exploitation
An attacker can exploit this vulnerability by supplying malicious input through either the extensions array or the url parameter of the smart_enumerate tool. No special network position is required if the tool is exposed to untrusted users (e.g., via an API or autonomous LLM agent pipeline). On success, the crafted shell metacharacters (such as backticks, $(), or ;) are executed by the shell, allowing arbitrary commands to be run with the privileges of the Node.js process. The tool is typically invoked by an operator or automated pipeline, so attacker-controlled input reaching those inputs triggers the injection. [1]
Impact
Successful exploitation allows an attacker to execute arbitrary operating system commands on the host system. The commands run with the same privileges as the running @pensar/apex process, which could lead to full system compromise, data exfiltration, or deployment of additional malicious software. The impact is high, affecting confidentiality, integrity, and availability of the affected system. [1]
Mitigation
The vendor has been contacted and declined to patch the vulnerability. As of the publication date (2026-05-27), no fixed version exists. Users are advised to restrict access to the smart_enumerate tool, avoid exposing it to untrusted input, and consider using a sandboxed environment or alternative software to mitigate risk. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the disclosure date. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=0.0.58
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing sanitization of the url and extensions parameters before string interpolation into a shell command executed via child_process.exec()."
Attack vector
An attacker can inject OS commands through either the `url` string parameter or any element of the `extensions` array passed to the `smart_enumerate` tool [ref_id=1]. Because `execAsync` wraps `child_process.exec()`, the constructed command string is passed to `/bin/sh -c <cmd>` (Linux/macOS) or `cmd.exe /d /s /c <cmd>` (Windows), so shell metacharacters such as backticks, `$()`, or semicolons in the unsanitized values are interpreted by the host shell [ref_id=1]. The attack can be delivered directly by any operator or automated pipeline that calls `smart_enumerate` with attacker-controlled input, or indirectly via prompt injection when the autonomous LLM agent scans a target server controlled by the attacker [ref_id=1].
Affected code
The vulnerable function is `createSmartEnumerateTool()` in `src/core/agent/tools.ts` (starting at line 1735). The function constructs a shell command by concatenating unsanitized values from the `extensions` array and `url` parameter into a string passed to `child_process.exec()` via the promisified wrapper `execAsync` [ref_id=1]. The command template at lines 1767-1775 builds a `feroxagent` invocation where `url` is interpolated directly and `extensions.join(",")` is appended without any sanitization [ref_id=1].
What the fix does
No patch is available — the vendor declined to fix the vulnerability [ref_id=1]. The advisory recommends avoiding the use of `child_process.exec()` with unsanitized user input; instead, `child_process.execFile()` or `child_process.spawn()` with argument arrays should be used to prevent shell interpretation of metacharacters [ref_id=1]. Any values passed as `url` or `extensions` must be strictly validated or escaped before being incorporated into a shell command [ref_id=1].
Preconditions
- inputThe attacker must be able to supply values for the url parameter or elements of the extensions array passed to the smart_enumerate tool
- inputFor the prompt-injection vector, the attacker must control a target server that the LLM agent scans, causing the agent to generate malicious tool arguments
Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.