GHSA-jvcm-f35g-w78p: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory
mediumvulnerability
security
Source: GitHub Advisory DatabaseJune 19, 2026
Summary
Network-AI's AgentRuntime sandbox uses a flawed string-prefix check to keep file access within a configured base directory, but the check is too broad. A sandbox at `/tmp/network-ai-sandbox` also matches the sibling directory `/tmp/network-ai-sandbox_evil`, allowing agents to read or list files outside the intended sandbox boundary. This vulnerability affects Network-AI version 5.12.1 and has a medium severity CVSS score (a 0-10 rating of how severe a vulnerability is).
Solution / Mitigation
Fixed in v5.12.2 (commit a59c13a). Users should upgrade to this version or later.
Classification
Attack Type
Supply Chain
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Affected Packages
network-ai@<= 5.12.1 (fixed: 5.12.2)
Related Issues
Monthly digest — independent AI security research
Original source: https://github.com/advisories/GHSA-jvcm-f35g-w78p
First tracked: June 19, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 95%