{"data":{"id":"1e6d4b8f-54e9-4abf-95fd-0f5787f0f037","title":"GHSA-c4m7-2gwp-vw76: ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env","summary":"Ouroboros (an AI tool) has a remote code execution vulnerability where loading a `.env` file (a configuration file with environment variables) from a cloned repository could let an attacker run malicious code on your system. The flaw occurs because Ouroboros reads execution-controlling settings like CLI paths directly from the project directory's `.env` file without checking if they're trustworthy, allowing an attacker to point these paths to their own malicious scripts.","solution":"The vulnerability has been patched in version 0.39.0 via PR #1078. The fix applies a denylist that blocks execution-affecting environment variables from being loaded from the project directory's `.env` file, while still allowing trusted configurations from the user's home directory (`~/.ouroboros/.env`). Users are strongly advised to upgrade to version 0.39.0 or later. If upgrading is not immediately possible, users must carefully inspect any `.env` file inside cloned repositories before running Ouroboros commands to ensure it does not contain unexpected `OUROBOROS_*_CLI_PATH` or `OPENCODE_CLI_PATH` overrides.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-c4m7-2gwp-vw76","publishedAt":"2026-05-29T21:22:41.000Z","cveId":"CVE-2026-47211","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["ouroboros-ai@< 0.39.0 (fixed: 0.39.0)"],"affectedVendors":[],"affectedVendorsRaw":["Ouroboros"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-29T21:22:41.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}