{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T01:33:47.449","vulnerabilities":[{"cve":{"id":"CVE-2026-25130","sourceIdentifier":"security-advisories@github.com","published":"2026-01-30T21:15:58.443","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a \"safe\" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix."},{"lang":"es","value":"Ciberseguridad AI (CAI) es un framework para la seguridad de la IA. En versiones hasta la 0.5.10 inclusive, el framework CAI (Ciberseguridad AI) contiene múltiples vulnerabilidades de inyección de argumentos en sus herramientas de función. La entrada controlada por el usuario se pasa directamente a comandos de shell a través de `subprocess.Popen()` con `shell=True`, permitiendo a los atacantes ejecutar comandos arbitrarios en el sistema anfitrión. La herramienta `find_file()` se ejecuta sin requerir aprobación del usuario porque find se considera un comando 'seguro' preaprobado. Esto significa que un atacante puede lograr Ejecución Remota de Código (RCE) inyectando argumentos maliciosos (como -exec) en el parámetro args, eludiendo completamente cualquier mecanismo de seguridad de intervención humana. \nEl commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contiene una solución."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60","source":"security-advisories@github.com"},{"url":"https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde","source":"security-advisories@github.com"},{"url":"https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m","source":"security-advisories@github.com"}]}}]}