github.com/gravitational/teleport is vulnerable to command injection. An unauthenticated attacker is able to craft a malicious ssh agent installation link hosted on the teleport server to use in a social engineering attack, which then can be used to execute malicious code in the background.
packetstormsecurity.com/files/168477/Teleport-10.1.1-Remote-Code-Execution.html
github.com/gravitational/teleport
github.com/gravitational/teleport/commit/055d531dfef8f289aef94e7836fe4dee01316ae9
github.com/gravitational/teleport/pull/14944
packetstormsecurity.com/files/168137/Teleport-9.3.6-Command-Injection.html