CVE-2026-25130CRITICAL 9.6EPSS p51.8%

CVE-2026-25130CVE-2026-25130

Description

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.

Scoring

CVSS 3.19.6 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS0.80% probability of exploitation · percentile 51.8% · 2026-06-18T12:00:27Z
Published2026-01-30
Last modified2026-04-15

Underlying weaknesses· 1

CWE-78

References

  1. https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60
  2. https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde
  3. https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-67511
CVE
CVE-2026-2275
CVE
CVE-2026-26216
CVE
CVE-2025-55319
CVE
CVE-2026-30304
CVE
CVE-2026-5584
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.