| Titel | Fosowl agenticSeek 0.1.0 Remote Code Execution |
|---|
| Beschreibung | AgenticSeek (versions 0.1.0) allows unauthenticated Remote Code Execution (RCE) via the /query endpoint. The application fails to sandbox LLM-generated code across multiple interpreters.The optional safe_mode is disabled by default and relies on a flawed keyword blocklist that is easily bypassed due to implementation errors and a lack of path-based filtering. |
|---|
| Quelle | ⚠️ https://github.com/August829/CVEP/issues/29 |
|---|
| Benutzer | Yu Bao (UID 88956) |
|---|
| Einreichung | 20.03.2026 10:24 (vor 28 Tagen) |
|---|
| Moderieren | 04.04.2026 23:31 (16 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 355383 [Fosowl agenticSeek 0.1.0 query Endpoint PyInterpreter.py PyInterpreter.execute erweiterte Rechte] |
|---|
| Punkte | 19 |
|---|