PT-2026-5441 · Unknown · Cybersecurity Ai

0X5T +1 · Published 2026-01-30 · Updated 2026-01-31 · CVE-2026-25130

CVSS v3.1: 9.6 Critical

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cybersecurity AI (CAI) versions up to and including 0.5.10

Description

The Cybersecurity AI (CAI) framework contains multiple argument injection vulnerabilities within its function tools. User-controlled input is directly passed to shell commands using subprocess.Popen() with shell=True, potentially allowing attackers to execute arbitrary commands on the host system. Specifically, the find_file() function, located in src/cai/tools/reconnaissance/filesystem.py, is vulnerable because it executes without requiring user approval, as the find command is considered a "safe" pre-approved command. An attacker can exploit this by injecting malicious arguments, such as -exec, into the args parameter, bypassing safety mechanisms and achieving Remote Code Execution (RCE). The vulnerable command construction is: command = f'find {file_path} {args}'. The file_path and args variables are user-controlled inputs.

Recommendations

Versions up to and including 0.5.10 should be updated to a version containing commit e22a1220f764e2d7cf9da6d6144926f53ca01cde or later. As a temporary workaround, consider restricting or disabling the use of the find_file() function until a patch is applied.
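
An added example (not CAI's code and not the change in the referenced commit) of one way to close the injection described above: build an argv list, run find without a shell, and accept only an allowlist of read-only find primaries. The names build_find_argv, find_file_hardened and ALLOWED, and the choice of allowlisted primaries, are assumptions made for this example.

```python
import shlex
import subprocess

# Vulnerable pattern quoted in the advisory, kept as a comment for contrast:
#   command = f'find {file_path} {args}'   # then Popen(command, shell=True)

# Assumption: the read-only find primaries this example permits, mapped to
# how many values each consumes. Anything else (-exec, -delete, ...) is refused.
ALLOWED = {"-name": 1, "-iname": 1, "-path": 1, "-type": 1, "-size": 1,
           "-mtime": 1, "-newer": 1, "-maxdepth": 1, "-mindepth": 1}


def build_find_argv(file_path, args=""):
    """Return an argv list for find; raise ValueError on anything not allowlisted."""
    if not file_path or "\x00" in file_path + args:
        raise ValueError("empty path or NUL byte in input")
    # find parses a leading '-' as an option or expression, so force a path.
    if file_path.startswith("-"):
        file_path = "./" + file_path
    tokens = shlex.split(args)  # raises ValueError on unbalanced quotes
    argv = ["find", file_path]
    i = 0
    while i < len(tokens):
        arity = ALLOWED.get(tokens[i])
        if arity is None:
            raise ValueError(f"find argument not allowed: {tokens[i]!r}")
        values = tokens[i + 1:i + 1 + arity]
        if len(values) != arity:
            raise ValueError(f"missing value for {tokens[i]}")
        argv += [tokens[i], *values]
        i += 1 + arity
    return argv


def find_file_hardened(file_path, args="", timeout=30):
    """Run find with no shell, so metacharacters in the inputs stay literal."""
    argv = build_find_argv(file_path, args)
    proc = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=timeout)
    return proc.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one benign search, one refused argument.
    print(build_find_argv(".", "-maxdepth 1 -name '*.py'"))
    try:
        build_find_argv(".", "-name x -delete")
    except ValueError as err:
        print("rejected:", err)
```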

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-25130
GHSA-JFPC-WJ3M-QW2M

Affected Products

Cybersecurity Ai