Product

Network-Ai (< 5.9.1)

1 brief RSS

Network-AI: Improper Neutralization of Special Elements used in an OS Command (CVE-2026-54051)

The `network-ai` package, versions prior to 5.9.1, is vulnerable to a critical command injection flaw (CVE-2026-54051) where the `ShellExecutor` component fails to properly neutralize shell metacharacters when processing commands, allowing an attacker to achieve arbitrary command execution as the orchestrator process by bypassing allowlist controls.

network-ai command-injection rce node.js linux macos software-supply-chain

2r 1t 1d ago