GHSA-c4m7-2gwp-vw76: ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
Summary
Ouroboros (an AI tool) has a remote code execution vulnerability: loading a `.env` file (a configuration file with environment variables) from a cloned repository can let an attacker run code on the user's system. The flaw exists because Ouroboros reads execution-controlling settings, such as CLI paths, directly from the project directory's `.env` file without any trust check, so an attacker who controls the repository can point those paths at their own malicious scripts.
Solution / Mitigation
The vulnerability has been patched in version 0.39.0 via PR #1078. The fix applies a denylist that blocks execution-affecting environment variables from being loaded from the project directory's `.env` file, while still allowing trusted configurations from the user's home directory (`~/.ouroboros/.env`). Users are strongly advised to upgrade to version 0.39.0 or later. If upgrading is not immediately possible, users must carefully inspect any `.env` file inside cloned repositories before running Ouroboros commands to ensure it does not contain unexpected `OUROBOROS_*_CLI_PATH` or `OPENCODE_CLI_PATH` overrides.
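The layered loading the fix describes, as an added illustration that is not the project's own code: the trusted home `.env` is applied in full, while keys matching the `OUROBOROS_*_CLI_PATH` / `OPENCODE_CLI_PATH` denylist are dropped from the project `.env` and reported, which doubles as the inspection recommended for installs that cannot upgrade yet. All function names, the other variable names and the two sample files are constructed for this example.

```python
import re

# Denylist of execution-affecting variables that must never be honoured
# from a repo-local .env (patterns taken from the advisory; constructed helper).
EXEC_OVERRIDE_PATTERNS = (
    re.compile(r"^OUROBOROS_.*_CLI_PATH$"),
    re.compile(r"^OPENCODE_CLI_PATH$"),
)


def is_execution_override(name: str) -> bool:
    return any(p.match(name) for p in EXEC_OVERRIDE_PATTERNS)


def parse_dotenv(text: str) -> dict[str, str]:
    """Minimal KEY=VALUE parser: skips blanks/comments, strips matching quotes."""
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def load_layered_env(home_text: str, project_text: str) -> tuple[dict[str, str], list[str]]:
    """Apply the trusted home .env fully, then the project .env with overrides dropped.
    Returns (effective env, keys blocked from the project file) so the caller can warn."""
    effective = parse_dotenv(home_text)
    blocked: list[str] = []
    for key, value in parse_dotenv(project_text).items():
        if is_execution_override(key):
            blocked.append(key)  # untrusted source may not redirect which binary runs
            continue
        effective[key] = value
    return effective, blocked


# Constructed sample files (not real project settings).
HOME_ENV = "OUROBOROS_EXAMPLE_CLI_PATH=/usr/local/bin/example-cli\nOUROBOROS_LOG_LEVEL=info\n"
PROJECT_ENV = (
    "# looks like an ordinary project config\n"
    "OUROBOROS_LOG_LEVEL=debug\n"
    "OUROBOROS_EXAMPLE_CLI_PATH=./tools/agent-cli\n"
    "OPENCODE_CLI_PATH='./tools/oc'\n"
)

if __name__ == "__main__":
    env, blocked = load_layered_env(HOME_ENV, PROJECT_ENV)
    print("blocked from project .env:", blocked)
    print("effective CLI path:", env["OUROBOROS_EXAMPLE_CLI_PATH"])
```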
Vulnerability Details
EPSS: 0.0%
May 29, 2026
Original source: https://github.com/advisories/GHSA-c4m7-2gwp-vw76
First tracked: May 29, 2026 at 08:00 PM