CVE-2026-25807

HIGH

ZAI Shell <9.0.3 - RCE

Title source: llm

Description

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple socket script. An attacker who connects to a ZAI-Shell P2P session running in --no-ai mode can send arbitrary system commands. If the host user approves the command without reviewing its contents, the command executes directly with the user's privileges, bypassing all Sentinel safety checks. This vulnerability is fixed in 9.0.3.

Exploits (2)

github WORKING POC 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25807
nomisec WORKING POC 1 stars
by ibrahmsql · poc
https://github.com/ibrahmsql/CVE-2026-25807-Exploit

References (3)

Scores

CVSS v3 8.8
EPSS 0.0014
EPSS Percentile 34.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
taklaxbr/zai_shell < 9.0.3
Published Feb 09, 2026
Tracked Since Feb 18, 2026