CVE-2026-25130
CRITICAL
GHSA-jfpc-wj3m-qw2m
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
2Description
Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.
Analysis
Multiple command injection vulnerabilities in CAI (Cybersecurity AI) framework up to 0.5.10 allow OS command execution through the security testing platform.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running CAI framework versions ≤0.5.10 and isolate affected instances from production networks if possible. Within 7 days: Implement network segmentation to restrict CAI framework access, disable function tools if not operationally critical, and apply WAF rules to filter malicious argument injection payloads. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today