CVE-2026-25807
Awaiting Analysis Awaiting Analysis - Queue
Unauthenticated TCP Socket in ZAI Shell P2P Enables Command Injection

Publication date: 2026-02-09

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple socket script. An attacker who connects to a ZAI-Shell P2P session running in --no-ai mode can send arbitrary system commands. If the host user approves the command without reviewing its contents, the command executes directly with the user's privileges, bypassing all Sentinel safety checks. This vulnerability is fixed in 9.0.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-09
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25807
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
taklaxbr zai_shell to 9.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in ZAI Shell versions prior to 9.0.3 in the P2P terminal sharing feature (share start). This feature opens a TCP socket on port 5757 without any authentication, allowing any remote attacker to connect using a simple socket script.

If the attacker connects to a ZAI-Shell P2P session running in --no-ai mode, they can send arbitrary system commands. If the host user approves these commands without reviewing them, the commands execute with the user's privileges, bypassing all Sentinel safety checks.

This vulnerability is fixed in version 9.0.3.

Impact Analysis

This vulnerability can allow a remote attacker to execute arbitrary system commands on the affected host with the privileges of the user running the ZAI Shell session.

Because the commands bypass Sentinel safety checks, malicious actions could be performed without restriction, potentially leading to full system compromise.

The impact includes confidentiality, integrity, and availability being severely affected, as indicated by the CVSS score of 8.8 with high impact on all three aspects.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves the P2P terminal sharing feature of ZAI Shell opening a TCP socket on port 5757 without authentication. To detect if this vulnerability is present on your system or network, you can check if port 5757 is open and listening.

  • Use a network scanning tool like nmap to check for open port 5757: nmap -p 5757 <target-ip>
  • On the host system, use netstat or ss to see if port 5757 is listening: netstat -tuln | grep 5757 or ss -tuln | grep 5757
  • Attempt to connect to port 5757 using a simple socket client to verify if the service responds without authentication.
Mitigation Strategies

The vulnerability is fixed in ZAI Shell version 9.0.3. The immediate mitigation step is to upgrade ZAI Shell to version 9.0.3 or later.

Until the upgrade can be performed, disable or block access to port 5757 to prevent unauthorized remote connections to the P2P terminal sharing feature.

Avoid running ZAI Shell in --no-ai mode or ensure that users carefully review any commands before approval to reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25807. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart