CVE-2026-25046
Command Injection in Kimi Agent SDK Publish Scripts via execSync
Publication date: 2026-01-29
Last updated on: 2026-01-29
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | kimi_agent_sdk | to 0.1.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the development scripts (vsix-publish.js and ovsx-publish.js) of the Kimi Agent SDK prior to version 0.1.6. These scripts pass filenames containing shell metacharacters (like $(cmd)) to execSync() as shell command strings, which can lead to arbitrary command execution. The issue is fixed in version 0.1.6 by replacing execSync with execFileSync using array arguments to safely handle filenames.
How can this vulnerability impact me? :
If you use the vulnerable development scripts with filenames containing shell metacharacters, an attacker could execute arbitrary commands on your system. However, this vulnerability only affects the development scripts and not the published VSCode extension, so end users are not impacted. The risk is limited to developers running these scripts with unsafe filenames.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability exists only in the development scripts (vsix-publish.js and ovsx-publish.js) of the Kimi Agent SDK repository prior to version 0.1.6. Detection involves checking if these scripts are present and if they handle filenames containing shell metacharacters like $(cmd). You can inspect the project directory for .vsix files with potentially unsafe filenames containing shell metacharacters. For example, you can run commands to list such files: `ls | grep -E '\$\(|\`|;|&'` to find filenames with suspicious characters. Additionally, review the version of the Kimi Agent SDK to confirm if it is prior to 0.1.6.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately ensure that all .vsix files in the project directory have safe filenames without shell metacharacters before running the publish scripts. Upgrade the Kimi Agent SDK to version 0.1.6 or later, where the vulnerability is fixed by replacing execSync with execFileSync using array arguments. Avoid running the vulnerable development scripts with untrusted filenames.