Skip to main content

@pensar/apex CVE-2026-36044

HIGH
OS Command Injection (CWE-78)
2026-05-27 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 19:58 vuln.today

DescriptionCVE.org

@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js child_process.exec(). Because exec() spawns a shell, shell metacharacters in those values are interpreted by the host shell, resulting in arbitrary OS command execution with the privileges of the running process.

AnalysisAI

OS command injection in the @pensar/apex Node.js agent package (versions 0.0.58 and earlier) lets a remote, unauthenticated attacker run arbitrary operating-system commands by smuggling shell metacharacters into the smart_enumerate tool's url or extensions inputs. The vulnerable createSmartEnumerateTool() routine in src/core/agent/tools.ts builds a shell command string by concatenating those untrusted values and passes it to Node.js child_process.exec(), which spawns a shell that interprets the injected characters, executing them with the privileges of the agent process. CVSS is 8.8 (network vector, low complexity, no privileges, but user/agent interaction required); the source data shows no CISA KEV listing and no EPSS score, and a referenced researcher gist may contain proof-of-concept detail though exploit code is not confirmed in the structured input.

Technical ContextAI

The flaw is a classic OS command injection (CWE-78, inferred since the CVE lists CWE as N/A) rooted in unsafe use of Node.js's child_process.exec(). Unlike execFile() or spawn() with an argument array, exec() runs its input through /bin/sh (or cmd.exe on Windows), so any shell metacharacter - ;, |, &&, $(), backticks - in the command string is interpreted rather than treated as literal data. Here, the smart_enumerate tool concatenates caller-supplied values from the extensions array and the url parameter directly into that command string with no escaping, quoting, or allow-list validation, making the shell parse attacker content as commands. @pensar/apex appears to be an AI/agent-style enumeration tool distributed via npm; no CPE strings were provided in the intelligence, so exact platform identifiers cannot be derived beyond the npm package coordinate @pensar/apex.

Affected ProductsAI

The affected product is the @pensar/apex npm package at versions 0.0.58 and earlier (<= 0.0.58), with the defect located in createSmartEnumerateTool() within src/core/agent/tools.ts. No CPE string was provided in the intelligence to pin an exact platform identifier. The package and its release history can be reviewed on npm at https://www.npmjs.com/package/@pensar/apex, and additional technical detail is referenced in a researcher gist at https://gist.github.com/NucleiAv/47e87da08b90ef464fd9b35affe578fb; no dedicated vendor security advisory URL was included in the source data.

RemediationAI

No vendor-released patch version was identified in the available data, so the primary action is to check https://www.npmjs.com/package/@pensar/apex for a release later than 0.0.58 and upgrade to it once published, since 0.0.58 and all earlier versions are vulnerable; do not assume a specific fixed version, as none is confirmed in the input. Until a fixed release is confirmed, do not pass untrusted or externally sourced values into the smart_enumerate tool's url or extensions parameters, and avoid running the agent against attacker-controllable input. The durable code-level fix (for maintainers) is to replace child_process.exec() with child_process.execFile() or spawn() using an argument array so values are never parsed by a shell; as a compensating control for operators, run the agent under a least-privilege account inside a sandbox or container with restricted filesystem and outbound network egress, accepting the trade-off that egress restrictions may break legitimate enumeration functionality that relies on outbound requests. Technical context for these steps is documented in the referenced gist at https://gist.github.com/NucleiAv/47e87da08b90ef464fd9b35affe578fb.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Share

CVE-2026-36044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy