CVE-2026-25046: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in MoonshotAI kimi-agent-sdk
Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute arbitrary commands. Note: This vulnerability exists only in the repository's development scripts. The published VSCode extension does not include these files and end users are not affected. This is fixed in version 0.1.6 by replacing execSync with execFileSync using array arguments. As a workaround, ensure .vsix files in the project directory have safe filenames before running publish scripts.
CVE-2026-25046: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in MoonshotAI kimi-agent-sdk
Description
Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute arbitrary commands. Note: This vulnerability exists only in the repository's development scripts. The published VSCode extension does not include these files and end users are not affected. This is fixed in version 0.1.6 by replacing execSync with execFileSync using array arguments. As a workaround, ensure .vsix files in the project directory have safe filenames before running publish scripts.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-01-28T14:50:47.886Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 697bd7ddac06320222bd31ac
Added to database: 1/29/2026, 9:57:49 PM
Last updated: 1/29/2026, 9:58:11 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25063: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in gradle gradle-completion
HighCVE-2026-25061: CWE-787: Out-of-bounds Write in simsong tcpflow
MediumCVE-2026-25047: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in sharpred deepHas
CriticalCVE-2026-1340: CWE-94 Improper Control of Generation of Code ('Code Injection') in Ivanti Endpoint Manager Mobile
CriticalCVE-2026-1281: CWE-94 Improper Control of Generation of Code ('Code Injection') in Ivanti Endpoint Manager Mobile
CriticalActions
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.