Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

GHSA-xrmc-c5cg-rv7x: SafeInstall agent guard shell parsing can miss raw package execution

0
High
Published: 07/10/2026 (07/10/2026, 19:34:14 UTC)
Source: GCVE Database
Product: safeinstall-cli

Description

SafeInstall CLI versions up to 0.10.1 have a vulnerability in their agent guard shell parsing that can allow certain raw package-manager and registry-runner commands to bypass policy evaluation. This occurs due to the guard failing to recognize commands with case-variant launcher names, leading file-descriptor redirections, and supported shell wrappers with options. As a result, a coding agent may execute package installations or scaffolding commands without SafeInstall enforcing its security policies. The issue is fixed in version 0.10.2.

CVSS v3.1

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected software

npmghsa
safeinstall-cli
Affected versions
<0.10.2

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/11/2026, 09:49:34 UTC

Technical Analysis

SafeInstall CLI through version 0.10.1 contains a vulnerability where its agent guard shell parsing fails to detect some package-manager and registry-runner commands. This failure is caused by case-variant launcher names, leading file-descriptor redirections, and shell wrappers with options, which cause raw install commands to bypass the guard's approval decision. Remote project scaffolding commands can also avoid policy evaluation. Exploitation requires a coding agent to execute attacker-influenced crafted shell commands, potentially allowing malicious package installations or scaffolding to run with developer account permissions. The vulnerability affects only commands bypassing the guard interception; commands routed through the SafeInstall CLI remain protected. The issue is resolved in version 0.10.2 by normalizing launcher names, parsing redirections, handling wrapper options conservatively, and routing scaffolding commands through the approval path.

Potential Impact

An attacker able to influence a coding agent's shell commands can bypass SafeInstall's intended deny or ask responses, causing unauthorized package installations or registry scaffolding commands to execute without policy checks or lifecycle script restrictions. This can compromise the confidentiality, integrity, and availability of local source code, credentials, and development resources by running code with the developer's permissions.

Mitigation Recommendations

Upgrade to safeinstall-cli version 0.10.2 or later, which includes fixes for command normalization, redirection parsing, and approval routing. Until upgrading is possible, manually review all coding-agent shell commands and prevent the agent from invoking package managers or registry runners directly, as running an affected guard does not ensure raw package-manager execution is safe.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
GHSA-xrmc-c5cg-rv7x
Osv Schema Version
1.4.0
Aliases
[]
Ecosystems
["npm"]
Database Specific Severity
HIGH
Cvss Version
3.1

Threat ID: 6a520eb368715ace438f5262

Added to database: 07/11/2026, 09:36:51 UTC

Last enriched: 07/11/2026, 09:49:34 UTC

Last updated: 07/11/2026, 09:49:34 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses