CVE-2026-25130
Unknown Unknown - Not Provided
Argument Injection in Cybersecurity AI Tools Enables Remote Code Execution

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: GitHub, Inc.

Description
Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-01-30
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25130
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
aliasrobotics cai to 0.5.10 (inc)
aliasrobotics cai-framework to 0.5.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25130 is a critical command injection vulnerability in the Cybersecurity AI (CAI) framework's find_file() function. The function uses user-controlled input directly in shell commands executed with subprocess.Popen() and shell=True, without sanitization. This allows attackers to inject malicious arguments, such as the -exec flag in the Unix find command, leading to remote code execution (RCE) on the host system. The vulnerability bypasses human-in-the-loop safety mechanisms because the find_file() tool runs without user approval, assuming the find command is safe. [3]

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary commands on the host system where the CAI framework is running. Because the find_file() tool executes without user approval, attackers can inject malicious commands that may lead to full system compromise, including unauthorized file writes, deletions, or other harmful actions. The impact includes complete loss of confidentiality, integrity, and availability of the affected system. [3]

Detection Guidance

You can detect exploitation attempts by monitoring for unexpected files or commands executed via the find_file tool, especially those using dangerous find flags like -exec. For example, check for suspicious files created by injected commands, such as /tmp/pwned. A command to detect such files could be: `ls -l /tmp/pwned`. Additionally, monitoring logs or command executions that include find commands with dangerous flags (-exec, -execdir, -ok, etc.) may indicate exploitation attempts. Since the vulnerability involves subprocess.Popen with shell=True executing find commands with user-controlled args, look for processes running find with these flags. Example command to find running processes: `ps aux | grep 'find .* -exec'`. [3, 1]

Mitigation Strategies

Immediately update the CAI framework to include the fix introduced in commit e22a1220f764e2d7cf9da6d6144926f53ca01cde, which adds checks in the find_file function to block dangerous find command flags such as -exec, -execdir, -ok, and others. If updating is not immediately possible, restrict or monitor usage of the find_file tool to prevent passing dangerous flags in the args parameter. Also, consider applying network-level protections to block exploitation attempts and review user inputs that reach the find_file function to sanitize or validate them before execution. [1]

Compliance Impact

This vulnerability allows remote attackers to execute arbitrary commands on the host system, potentially leading to unauthorized access, data manipulation, or data loss. Such security breaches can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining system integrity. Therefore, exploitation of this vulnerability could lead to violations of these regulations due to compromised confidentiality, integrity, and availability of data. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25130. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart