GHSA-2fmp-9rvw-hc96: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning
Summary
Network-AI versions up to and including 5.12.1 contain a vulnerability in the backup pruning feature: it trusts the `path` field of backup manifest files stored on disk without validating it. An attacker who can write to a backup manifest file can cause the `pruneBackups()` function to recursively delete arbitrary files or directories that the Network-AI process has access to, potentially causing data loss.
Solution / Mitigation
Fixed in v5.12.2. Install by running `npm install network-ai@5.12.2`. The patched version no longer uses the untrusted `entry.path` from the manifest file for deletion. Instead, it recomputes the deletion path from a validated `entry.backupId` and adds a containment check to ensure deletion only occurs within the backups directory.
Original source: https://github.com/advisories/GHSA-2fmp-9rvw-hc96
First tracked: June 19, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 95%