{"data":{"id":"f383290c-27db-4ca0-8696-3a55cc4d096b","title":"GHSA-jvcm-f35g-w78p: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory","summary":"Network-AI's AgentRuntime sandbox uses a flawed string-prefix check to keep file access within a configured base directory, but the check is too broad. A sandbox at `/tmp/network-ai-sandbox` also matches the sibling directory `/tmp/network-ai-sandbox_evil`, allowing agents to read or list files outside the intended sandbox boundary. This vulnerability affects Network-AI version 5.12.1 and has a medium severity CVSS score (a 0-10 rating of how severe a vulnerability is).","solution":"Fixed in v5.12.2 (commit a59c13a). Users should upgrade to this version or later.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-jvcm-f35g-w78p","publishedAt":"2026-06-19T21:42:29.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["network-ai@<= 5.12.1 (fixed: 5.12.2)"],"affectedVendors":[],"affectedVendorsRaw":["Network-AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-06-19T21:42:29.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}