CVE-2026-25807
Status: Awaiting Analysis
Unauthenticated TCP Socket in ZAI Shell P2P Enables Command Injection

Publication date: 2026-02-09

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple socket script. An attacker who connects to a ZAI-Shell P2P session running in --no-ai mode can send arbitrary system commands. If the host user approves the command without reviewing its contents, the command executes directly with the user's privileges, bypassing all Sentinel safety checks. This vulnerability is fixed in 9.0.3.
Meta Information
Published: 2026-02-09
Last Modified: 2026-02-24
Generated: 2026-05-07
AI Q&A: 2026-02-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: taklaxbr
Product: zai_shell
Version / Range: up to 9.0.3 (excluding)
CWE
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in ZAI Shell versions prior to 9.0.3 in the P2P terminal sharing feature (share start). This feature opens a TCP socket on port 5757 without any authentication, allowing any remote attacker to connect using a simple socket script.

If the attacker connects to a ZAI-Shell P2P session running in --no-ai mode, they can send arbitrary system commands. If the host user approves these commands without reviewing them, the commands execute with the user's privileges, bypassing all Sentinel safety checks.

This vulnerability is fixed in version 9.0.3.


How can this vulnerability impact me?

This vulnerability can allow a remote attacker to execute arbitrary system commands on the affected host with the privileges of the user running the ZAI Shell session.

Because the commands bypass Sentinel safety checks, malicious actions could be performed without restriction, potentially leading to full system compromise.

The impact includes confidentiality, integrity, and availability being severely affected, as indicated by the CVSS score of 8.8 with high impact on all three aspects.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the P2P terminal sharing feature of ZAI Shell opening a TCP socket on port 5757 without authentication. To detect if this vulnerability is present on your system or network, you can check if port 5757 is open and listening.

  • Use a network scanning tool like nmap to check for open port 5757: nmap -p 5757 <target-ip>
  • On the host system, use netstat or ss to see if port 5757 is listening: netstat -tuln | grep 5757 or ss -tuln | grep 5757
  • Attempt to connect to port 5757 using a simple socket client to verify if the service responds without authentication.
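As an added example, not part of the advisory or of the ZAI Shell project: a POSIX shell check over `ss -tuln` output that flags only a TCP listener bound exactly to port 5757, which the bare `grep 5757` above would confuse with ports such as 15757 or 57570, or with a UDP socket on 5757. The sample `ss` output is constructed; function names are the author's own.

```shell
#!/bin/sh
# Added example (not from the advisory): detect a listener on TCP 5757 from
# `ss -tuln` output, matching the port exactly so that 15757, 57570 or a UDP
# socket on 5757 do not produce false positives.

# Return 0 if any TCP LISTEN socket in the given ss output is bound to port 5757.
zai_p2p_listener_present() {
    # $1: text in the format produced by `ss -tuln`
    printf '%s\n' "$1" | awk '
        $1 == "tcp" && $2 == "LISTEN" {
            addr = $5                    # "Local Address:Port" column
            n = split(addr, parts, ":")  # port is the last field; IPv6 has many colons
            if (parts[n] == "5757") { found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

# Convenience wrapper for a live host check (requires iproute2 `ss`).
zai_p2p_listener_on_this_host() {
    zai_p2p_listener_present "$(ss -tuln 2>/dev/null)"
}

# Constructed sample: sshd on 22, an unrelated service on 15757, a listener on
# 5757 bound to the IPv6 wildcard address. Expected: listener present.
SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:15757     0.0.0.0:*
tcp   LISTEN 0      5      [::]:5757           [::]:*'

# Constructed sample with only a UDP socket on 5757 and TCP 57570. Expected: clean,
# even though `grep 5757` would match both lines.
SAMPLE_CLEAN='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:57570       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5757        0.0.0.0:*'

if zai_p2p_listener_present "$SAMPLE_SS_OUTPUT"; then
    echo "sample 1: TCP 5757 listener present"
fi
if ! zai_p2p_listener_present "$SAMPLE_CLEAN"; then
    echo "sample 2: no TCP 5757 listener"
fi
```

Run `zai_p2p_listener_on_this_host && echo "port 5757 is listening"` on the host itself; a hit means the P2P sharing port is exposed and should be blocked or the install upgraded as described in the mitigation steps.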

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed in ZAI Shell version 9.0.3. The immediate mitigation step is to upgrade ZAI Shell to version 9.0.3 or later.

Until the upgrade can be performed, disable or block access to port 5757 to prevent unauthorized remote connections to the P2P terminal sharing feature.

Avoid running ZAI Shell in --no-ai mode or ensure that users carefully review any commands before approval to reduce risk.

