| Title | Agions taskflow-ai 2.1.8 Command Injection |
|---|---|
| Description | A command injection vulnerability (CWE-78) has been identified in taskflow-ai, specifically within the MCP server handlers and executor components. An attacker with access to the MCP CallTool handler can invoke a hidden `terminal_execute` tool (not advertised in `list_tools`) and supply a crafted command string. The executor validates only the first whitespace-delimited token against an allowlist while passing the remainder of the command unsanitized to `execSync`, enabling shell metacharacters to execute arbitrary OS commands. This can lead to full host compromise, including data exposure, integrity loss, and service disruption. Versions up to and including 2.1.8 are confirmed affected. |
| Source | https://github.com/Agions/taskflow-ai/issues/2 |
| User | BruceJin (UID 96538) |
| Submission | 26.03.2026 03:56 (28 days ago) |
| Moderation | 08.04.2026 19:03 (14 days later) |
| Status | Accepted |
| VulDB entry | 356278 [Agions taskflow-ai up to 2.1.8 terminal_execute handlers.ts privilege escalation] |
| Points | 20 |
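
The validation gap described above, shown as an added example beside a hardened check; this is not taskflow-ai's code. The allowlist contents, the function names (`firstTokenCheck`, `toArgv`, `runTool`, `compare`) and the sample commands are assumptions constructed for illustration.

```javascript
// Added illustration. All names here are hypothetical, not taken from taskflow-ai.
const ALLOWED = new Set(['ls', 'cat', 'echo']); // assumed allowlist

// Weak check as the entry describes it: only the first
// whitespace-delimited token is compared with the allowlist.
function firstTokenCheck(command) {
  const first = command.trim().split(/\s+/)[0];
  return ALLOWED.has(first);
}

// Hardened check: refuse anything a shell would interpret,
// then build an argv array instead of a command string.
const SHELL_META = /[;&|`$(){}<>\\\n\r'"*?~!#\[\]]/;
function toArgv(command) {
  if (typeof command !== 'string' || SHELL_META.test(command)) {
    throw new Error('rejected: shell metacharacter in command');
  }
  const [file, ...args] = command.trim().split(/\s+/);
  if (!ALLOWED.has(file)) throw new Error('rejected: binary not on allowlist');
  return { file, args };
}

// Execute without a shell: execFile hands args straight to the binary,
// so no token is ever parsed as shell syntax.
async function runTool(command) {
  const { execFile } = await import('node:child_process');
  const { file, args } = toArgv(command);
  return new Promise((resolve, reject) =>
    execFile(file, args, { shell: false, timeout: 5000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout)));
}

// Constructed sample inputs: one benign, two with trailing shell syntax,
// one whose binary is not on the allowlist.
const SAMPLES = ['ls -la', 'ls -la; echo INJECTED', 'echo $(id)', 'rm -rf tmp'];
function compare() {
  return SAMPLES.map((cmd) => {
    let hardened = true;
    try { toArgv(cmd); } catch { hardened = false; }
    return { cmd, weak: firstTokenCheck(cmd), hardened };
  });
}
console.table(compare());
```

The second and third samples pass the first-token check but are rejected by the hardened one. An allowlisted binary can still be given harmful arguments, so per-tool argument validation remains necessary.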