Skip to main content

Kimi Agent SDK CVE-2026-25046

LOW
Command Injection (CWE-77)
2026-01-29 security-advisories@github.com
2.9
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
2.9 LOW
AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 29, 2026 - 22:15 nvd
LOW 2.9

DescriptionGitHub Advisory

Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute arbitrary commands. Note: This vulnerability exists only in the repository's development scripts. The published VSCode extension does not include these files and end users are not affected. This is fixed in version 0.1.6 by replacing execSync with execFileSync using array arguments. As a workaround, ensure .vsix files in the project directory have safe filenames before running publish scripts.

AnalysisAI

Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. [CVSS 2.9 LOW]

Technical ContextAI

Classified as CWE-77 (Command Injection). Affects as shell command strings.. Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute arbitrary commands. Note: This vulnerability exists only in the repository's development scripts. The published VSCode extension does not include these files and end users are not affected. This is fi

Affected ProductsAI

Product: as shell command strings.. Versions: up to 0.1.6.

RemediationAI

Fixed in version 0.1.6.

Share

CVE-2026-25046 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy