CVE-2026-25046
Unknown Unknown - Not Provided
Command Injection in Kimi Agent SDK Publish Scripts via execSync

Publication date: 2026-01-29

Last updated on: 2026-01-29

Assigner: GitHub, Inc.

Description
Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute arbitrary commands. Note: This vulnerability exists only in the repository's development scripts. The published VSCode extension does not include these files and end users are not affected. This is fixed in version 0.1.6 by replacing execSync with execFileSync using array arguments. As a workaround, ensure .vsix files in the project directory have safe filenames before running publish scripts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-01-29
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25046
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
unknown_vendor kimi_agent_sdk to 0.1.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the development scripts (vsix-publish.js and ovsx-publish.js) of the Kimi Agent SDK prior to version 0.1.6. These scripts pass filenames containing shell metacharacters (like $(cmd)) to execSync() as shell command strings, which can lead to arbitrary command execution. The issue is fixed in version 0.1.6 by replacing execSync with execFileSync using array arguments to safely handle filenames.

Impact Analysis

If you use the vulnerable development scripts with filenames containing shell metacharacters, an attacker could execute arbitrary commands on your system. However, this vulnerability only affects the development scripts and not the published VSCode extension, so end users are not impacted. The risk is limited to developers running these scripts with unsafe filenames.

Detection Guidance

This vulnerability exists only in the development scripts (vsix-publish.js and ovsx-publish.js) of the Kimi Agent SDK repository prior to version 0.1.6. Detection involves checking if these scripts are present and if they handle filenames containing shell metacharacters like $(cmd). You can inspect the project directory for .vsix files with potentially unsafe filenames containing shell metacharacters. For example, you can run commands to list such files: `ls | grep -E '\$\(|\`|;|&'` to find filenames with suspicious characters. Additionally, review the version of the Kimi Agent SDK to confirm if it is prior to 0.1.6.

Mitigation Strategies

To mitigate this vulnerability, immediately ensure that all .vsix files in the project directory have safe filenames without shell metacharacters before running the publish scripts. Upgrade the Kimi Agent SDK to version 0.1.6 or later, where the vulnerability is fixed by replacing execSync with execFileSync using array arguments. Avoid running the vulnerable development scripts with untrusted filenames.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25046. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart