{"data":{"id":"90aa4047-dc2c-49e4-8de1-d86718751eb4","title":"GHSA-qw6v-5fcf-5666: Network-AI: Improper Neutralization of Special Elements used in an OS Command","summary":"Network-AI versions before 5.9.1 have a command injection vulnerability: wildcard allowlist rules such as `git *` can be bypassed to run arbitrary commands. The allowlist (the security filter that decides which commands may run) matches the whole command string against loose glob patterns, but the matched string is then executed through `/bin/sh -c` (a shell interpreter), which interprets shell metacharacters such as semicolons and pipes. A command like `git status; id` therefore satisfies the `git *` rule, and the shell runs `id` as a second, unvetted command.","solution":"Fixed in v5.9.1 (commit 379f776). `ShellExecutor` now runs commands via `spawn(file, args, { shell: false })` with quote-aware argument parsing instead of invoking a shell. `SandboxPolicy.isCommandAllowed` and the new `SandboxPolicy.tokenizeCommand` reject any unquoted shell metacharacter (`;`, `&`, `|`, `$`, backticks, parentheses, angle brackets, braces, and newlines) and any unterminated quote before consulting the allowlist, while metacharacters inside quotes are preserved as literal argument text.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-qw6v-5fcf-5666","publishedAt":"2026-06-19T13:35:05.000Z","cveId":"CVE-2026-54051","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["network-ai@< 5.9.1 (fixed: 5.9.1)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Network-AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-19T13:35:05.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}
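The record above describes the bug (whole-string glob match, then `sh -c`) and the fix (tokenize, reject unquoted metacharacters and unterminated quotes, then `spawn` with `shell: false`). The following is an added example that reproduces both shapes side by side; it is not Network-AI's code. The function names `tokenizeCommand` and `isCommandAllowed` are taken from the advisory, but their bodies, the rule format (`git *` matched token by token, with a trailing `*` covering the remaining arguments), the simplified backslash handling, and the `vulnerableIsAllowed` helper are all assumptions made for illustration.

```javascript
'use strict';
// Added example (not Network-AI's code): a quote-aware tokenizer and allowlist
// check modelled on the fix described in the advisory. Rule format, backslash
// handling and the helper names below are assumptions.

// Characters /bin/sh would interpret if they appeared unquoted.
const SHELL_META = /[;&|$`()<>{}\n]/;

// Turn a glob such as "git *" into an anchored RegExp ("*" = any run of chars).
function globToRegExp(glob) {
  const escaped = glob
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*');
  return new RegExp(`^${escaped}$`, 's');
}

// The vulnerable shape: glob-match the whole string, then (elsewhere) hand it
// to `sh -c`. "git status; id" matches "git *", so the shell also runs `id`.
function vulnerableIsAllowed(command, allowlist) {
  return allowlist.some((rule) => globToRegExp(rule).test(command));
}

// Quote-aware tokenizer: returns { ok: true, argv } or { ok: false, reason }.
// Unquoted metacharacters and unterminated quotes are rejected; anything
// inside quotes is kept verbatim as argument text (assumed simplification:
// backslash escapes the next character outside quotes and inside "...").
function tokenizeCommand(command) {
  const argv = [];
  let cur = '';
  let inToken = false;
  let quote = null; // null, "'" or '"'
  for (let i = 0; i < command.length; i++) {
    const ch = command[i];
    if (quote) {
      if (ch === quote) quote = null;
      else if (quote === '"' && ch === '\\' && i + 1 < command.length) cur += command[++i];
      else cur += ch;
      continue;
    }
    if (ch === "'" || ch === '"') { quote = ch; inToken = true; continue; }
    if (ch === '\\' && i + 1 < command.length) { cur += command[++i]; inToken = true; continue; }
    if (SHELL_META.test(ch)) {
      return { ok: false, reason: `unquoted shell metacharacter ${JSON.stringify(ch)}` };
    }
    if (ch === ' ' || ch === '\t') {
      if (inToken) { argv.push(cur); cur = ''; inToken = false; }
      continue;
    }
    cur += ch;
    inToken = true;
  }
  if (quote) return { ok: false, reason: 'unterminated quote' };
  if (inToken) argv.push(cur);
  return { ok: true, argv };
}

// Match one rule ("git *") against argv token by token (assumed rule format).
function matchRule(ruleTokens, argv) {
  let i = 0;
  for (; i < ruleTokens.length; i++) {
    const rt = ruleTokens[i];
    if (rt === '*' && i === ruleTokens.length - 1) return true; // rest of argv
    if (i >= argv.length || !globToRegExp(rt).test(argv[i])) return false;
  }
  return i === argv.length;
}

// Hardened check: tokenize first, then consult the allowlist, and return the
// shape for spawn(file, args, { shell: false }) so no shell ever parses it.
function isCommandAllowed(command, allowlist) {
  const tok = tokenizeCommand(command);
  if (!tok.ok) return { allowed: false, reason: tok.reason };
  if (tok.argv.length === 0) return { allowed: false, reason: 'empty command' };
  const rule = allowlist.find((r) => matchRule(r.trim().split(/\s+/), tok.argv));
  if (!rule) return { allowed: false, reason: 'no allowlist rule matches' };
  return {
    allowed: true,
    rule,
    spawnArgs: { file: tok.argv[0], args: tok.argv.slice(1), options: { shell: false } },
  };
}

// Constructed sample inputs: the advisory's bypass string plus quoting edge cases.
const ALLOWLIST = ['git *'];
for (const cmd of ['git status', 'git status; id', "git commit -m 'fix; not a sep'", 'git log "oops']) {
  console.log(JSON.stringify(cmd), 'vulnerable:', vulnerableIsAllowed(cmd, ALLOWLIST),
    'hardened:', JSON.stringify(isCommandAllowed(cmd, ALLOWLIST)));
}
```

Run with `node`: the vulnerable check accepts `git status; id` because the whole string matches `git *`, while the hardened check stops at the unquoted `;` before the allowlist is even consulted. The quoted `'fix; not a sep'` survives as a single literal argument, and the result carries `file`/`args` separately so the caller spawns without a shell; never re-join the tokens into a string for `sh -c`, which would reintroduce the bug.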