CVE-2026-45792: CWE-345: Insufficient Verification of Data Authenticity in rtk-ai rtk
Prior to version 0.32.0, the rtk tool (Rust Token Killer) improperly trusts project-local configuration files by automatically loading .rtk/filters.toml from the working directory without notifying the user. This allows an attacker to place a malicious filter file that modifies shell command outputs via regex-based filters, potentially suppressing or altering output such as file contents, diffs, or security scan results without detection. This vulnerability is fixed in version 0.32.0.
AI Analysis
Technical Summary
CVE-2026-45792 describes an insufficient verification of data authenticity in the rtk tool before version 0.32.0. rtk automatically loads a project-local filter configuration file (.rtk/filters.toml) with the highest priority and without user notification. An attacker with the ability to place files in the working directory can supply a malicious filter that applies regex-based modifications to shell command outputs before they are presented to the language model context. This can selectively suppress or alter command output, potentially hiding malicious code during AI-assisted development or review. The vulnerability is addressed by fixing this behavior in rtk version 0.32.0.
Potential Impact
An attacker can manipulate the command output seen by the language model by injecting malicious filter files in the project directory. This can lead to concealment of malicious code or other important information by selectively suppressing or altering command outputs such as file contents, diffs, and security scan results. This undermines the integrity of AI-assisted development or review processes. The CVSS 4.0 score is 6.9 (medium severity), reflecting the local attack vector with user interaction required and high impact on confidentiality and integrity.
Mitigation Recommendations
Upgrade rtk to version 0.32.0 or later, where this vulnerability is fixed. Prior versions improperly trust local filter configuration files without user notification, enabling this attack. No other official remediation or temporary fixes are documented. Users should avoid running vulnerable versions in untrusted directories until patched.
CVSS v4.0 score: 6.9 (medium)
Affected software: rtk-ai rtk, versions prior to 0.32.0
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-13T08:19:32.602Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3be5f1eed863c81ef0adc1
Added to database: 06/24/2026, 14:13:05 UTC
Last enriched: 06/24/2026, 14:13:25 UTC
Last updated: 06/24/2026, 14:29:08 UTC