{"data":{"id":"1b81ea46-c193-4edb-8fb3-dc6ccfb640be","title":"GHSA-fvvm-949w-qj4w: RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM","summary":"RTK (Rust Token Killer, a tool that filters sensitive data before showing command output to an LLM) had a vulnerability where it automatically loaded filter configuration files from a project directory without asking the user first, allowing attackers to secretly modify what an LLM sees. An attacker could place a malicious filter file in a repository to hide or alter command output (like file contents or security scan results) without any warning, potentially concealing malicious code during development.","solution":"Fixed in v0.32.0 (PRs #623, #625): the `.rtk/filters.toml` file is now blocked by default with a visible warning stating '[rtk] WARNING: untrusted project filters — Filters NOT applied. Run rtk trust to review and enable.' The patch also adds SHA-256 hash verification (a cryptographic check ensuring the file hasn't changed) to re-block filters if the file is modified after being trusted, and introduces new `rtk trust` and `rtk untrust` commands to let users explicitly approve configuration files.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-fvvm-949w-qj4w","publishedAt":"2026-05-20T15:30:04.000Z","cveId":"CVE-2026-45792","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["rtk@< 0.32.0 (fixed: 0.32.0)"],"affectedVendors":[],"affectedVendorsRaw":["RTK (Rust Token Killer)"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-20T15:30:04.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}