{"data":{"id":"bfabc024-2c41-4849-8498-36e3e6090567","title":"CVE-2026-54555: rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter ...","summary":"rtk is a tool that filters and compresses command outputs before sending them to an LLM (large language model). Before version 0.42.2, rtk's permission splitter (the part that checks whether commands are allowed) failed to detect certain shell constructs (special syntax that Bash uses to execute commands), allowing attackers to hide unauthorized commands behind allowed ones like \"git\". As a result, dangerous commands could run without user approval, an incorrect-authorization flaw (CWE-863).","solution":"This vulnerability is fixed in version 0.42.2; upgrade rtk to 0.42.2 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54555","publishedAt":"2026-06-23T20:16:49.737Z","cveId":"CVE-2026-54555","cweIds":["CWE-863"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude","rtk"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-23T20:16:49.737Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0051"]}}