Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.10 views

CVE-2026-25046

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9CVSS6.1AI score0.00113EPSS
Exploits0References1
NVD
NVD
added 2026/01/29 10:15 p.m.12 views

CVE-2026-25046

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9CVSS0.00113EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/29 9:37 p.m.3 views

CVE-2026-25046

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9CVSS6.1AI score0.00113EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/29 9:37 p.m.16 views

EUVD-2026-4948

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9CVSS6.1AI score0.00113EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.12 views

PT-2026-5361

Name of the Vulnerable Software and Affected Versions Kimi Agent SDK versions prior to 0.1.6 Description The Kimi Agent SDK libraries expose the Kimi Code agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to the execSync function as shell command string...

2.9CVSS6.1AI score0.00113EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.5 views

Kimi Agent SDK command injection vulnerability

Kimi Agent SDK is a multilingual library developed by Moonshot AI that allows for the integration of Kimi Code agents into applications. Versions of Kimi Agent SDK prior to 0.1.6 contained a command injection vulnerability. This vulnerability stemmed from the development script passing file names...

2.9CVSS5.8AI score0.00113EPSS
Exploits0References2
Rows per page
Query Builder