PT-2026-20911 · Unknown · Skill-Scanner

Richardoc · Published 2026-02-17 · Updated 2026-03-08 · CVE-2026-26057

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Skill-scanner versions 1.0.1 and earlier

Description: Skill Scanner is a security scanner for AI Agent Skills designed to detect prompt injection, data exfiltration, and malicious code patterns. A flaw in the API Server component could permit an unauthenticated, remote attacker to interact with the server's API. This interaction could result in a denial-of-service (DoS) condition or the upload of arbitrary files. The root cause is that the API Server binds incorrectly to multiple network interfaces, so it is reachable beyond the interface on which it was intended to listen. An attacker can exploit this by sending API requests to a device that exposes the affected API Server. A successful exploit could lead to excessive resource consumption (memory starvation) or unauthorized file uploads to arbitrary folders on the compromised device. The API Server is not enabled by default.

Recommendations: Upgrade to Skill-scanner version 1.0.2 or later to resolve this issue.

Tags: Exploit · Fix

Weakness Enumeration: DoS; Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2026-26057
GHSA-PPFX-73J5-FHXC

Affected Products

Skill-Scanner