VYPR
Critical severity9.8NVD Advisory· Published Jun 4, 2026· Updated Jun 4, 2026

CVE-2026-49188

CVE-2026-49188

Description

The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

1