CVE-2026-25130

CRITICAL

CAI Framework <= 0.5.10 - Remote Code Execution via Argument Injection in find_file Tool

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-25130. PoCs published by XiaomingX, mbanyamer.

AI-analyzed exploit summary This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The exploit includes methods for vulnerability detection, data extraction, and credential dumping.

Description

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25130

View Code ZIP pw:eip

This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The exploit includes methods for vulnerability detection, data extraction, and credential dumping.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: WordPress Quiz Maker <= 6.7.0.56

No auth needed

Prerequisites: target WordPress URL · path to quiz page · vulnerable header (default: X-Forwarded-For)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC

by mbanyamer · poc

https://github.com/mbanyamer/CVE-2026-25130-Cybersecurity-AI-CAI-Framework-0.5.10

View Code ZIP pw:eip

This PoC demonstrates an argument injection vulnerability in the Cybersecurity AI (CAI) Framework's `find_file` function, leading to OS command injection. It includes tests for command execution, file creation, and a commented reverse shell example.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Cybersecurity AI (CAI) Framework <= 0.5.10

No auth needed

Prerequisites: Vulnerable version of cai-framework (<= 0.5.10) · Local execution environment

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m

Patch x_refsource_misc

https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde

View Patch ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60

View Writeup ZIP pw:eip

Scores

CVSS v3 9.6

EPSS 0.0005

EPSS Percentile 17.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

aliasrobotics/cai <= 0.5.10

pypi/cai-framework 0PyPI

Published Jan 30, 2026

Tracked Since Feb 18, 2026