9 matches found
📄 ZAI-Shell P2P Command Injection
This Metasploit module targets a command injection vulnerability in ZAI-Shell when running in noaimode. The exploit communicates over a plaintext P2P protocol default port 5757 and sends crafted JSON messages to execute arbitrary system commands on the target. The module includes an enhanced...
Exploit for CVE-2026-25807
CVE-2026-25807-Exploit CVE-2026-25807 Unauthenticated Remote...
CVE-2026-25807
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...
CVE-2026-25807
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...
CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...
CVE-2026-25807
CVE-2026-25807 affects ZAI Shell before version 9.0.3, where the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without authentication. A remote attacker can connect to a ZAI-Shell P2P session running in --no-ai mode and send arbitrary system commands. If the host user...
CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...
CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...
ZAI Shell 代码注入漏洞
ZAI Shell is a terminal-independent AI proxy software developed by Ömer Efe Başol TaklaXBR. Versions of ZAI Shell prior to 9.0.3 contained a code injection vulnerability. This vulnerability stemmed from the lack of an authentication mechanism in the P2P terminal sharing feature, which could lead ...