CVE-2026-49188
Received - Intake
ai_cmd Utility Root Command Injection Vulnerability

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.
Meta Information

Published: 2026-06-04
Last Modified: 2026-06-04
Generated: 2026-06-04
AI Q&A: 2026-06-04
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-489: The product is released with debugging code still enabled or active.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the ai_cmd utility, which runs with full root permissions. It takes input from a socket and directly pipes that input to the popen() function without proper authentication or validation. This allows unauthenticated users to execute arbitrary commands with root privileges on the affected system.


How can this vulnerability impact me?

This vulnerability can have severe impacts because it allows unauthenticated users to execute any command as the root user. This could lead to complete system compromise, unauthorized data access, data modification or deletion, installation of malicious software, and disruption of services.

