CVE-2026-25807

HIGH

taklaxbr/zai_shell < 9.0.3 - Unauthenticated Remote Code Execution via P2P Terminal Sharing

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-25807. PoCs published by XiaomingX, ibrahmsql.

AI-analyzed exploit summary: This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The PoC includes automated data extraction for admin credentials and hashes.

Description

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple socket script. An attacker who connects to a ZAI-Shell P2P session running in --no-ai mode can send arbitrary system commands. If the host user approves the command without reviewing its contents, the command executes directly with the user's privileges, bypassing all Sentinel safety checks. This vulnerability is fixed in 9.0.3.

Exploits (2)

github · WORKING POC · 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25807

This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The PoC includes automated data extraction for admin credentials and hashes.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress Quiz Maker <= 6.7.0.56
No auth needed
Prerequisites: target WordPress URL · path to quiz page · vulnerable header (default: X-Forwarded-For)
devstral-2 · analyzed Feb 27, 2026

nomisec · WORKING POC · 1 star
by ibrahmsql · poc
https://github.com/ibrahmsql/CVE-2026-25807-Exploit

This PoC exploits an unauthenticated RCE vulnerability in ZAI-Shell via P2P terminal sharing when no_ai_mode is enabled. It connects to a target, sends a command, and retrieves the output if the mode is active.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ZAI-Shell (version not specified)
No auth needed
Prerequisites: Target must have ZAI-Shell running with P2P sharing enabled via 'share start --no-ai'
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0064
EPSS Percentile: 45.7%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-94
Status: published
Products (1): taklaxbr/zai_shell < 9.0.3
Published: Feb 09, 2026
Tracked Since: Feb 18, 2026