CVE-2026-47211

A Remote Code Execution (RCE) vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover.

The vulnerability (CWE-426: Untrusted Search Path & CWE-15: External Control of System Setting) stems from Ouroboros loading the .env file from the current working directory. Prior to the patch, execution-affecting environment variables such as OUROBOROS CLI PATH, OPENCODE CLI PATH, and other backend selectors were accepted directly from this local .env. An attacker could include a malicious script in the repository and point the CLI path variable to it (e.g., OUROBOROS CLI PATH=./malicious script.sh). When the user executes a command like ouroboros init or any command that instantiates the adapter, the malicious script is executed instead of the intended CLI.

The vulnerability has been patched in version 0.39.0 via PR #1078. The fix establishes a strict trust boundary by applying a denylist to project-local .env loading. It blocks execution-affecting environment variables (such as runtime selectors and CLI path overrides) from being loaded from the project directory. Explicit constructor overrides and trusted user-owned home configurations (~/.ouroboros/.env) remain fully functional.

Users are strongly advised to upgrade to version 0.39.0 or later.

If upgrading is not immediately possible, users must carefully inspect any .env file inside cloned repositories before running Ouroboros commands to ensure it does not contain unexpected OUROBOROS * CLI PATH or OPENCODE CLI PATH overrides.