| Title | Fosowl agenticSeek 0.1.0 Remote Code Execution |
|---|
| Description | AgenticSeek (versions 0.1.0) allows unauthenticated Remote Code Execution (RCE) via the /query endpoint. The application fails to sandbox LLM-generated code across multiple interpreters.The optional safe_mode is disabled by default and relies on a flawed keyword blocklist that is easily bypassed due to implementation errors and a lack of path-based filtering. |
|---|
| Source | ⚠️ https://github.com/August829/CVEP/issues/29 |
|---|
| User | Yu Bao (UID 88956) |
|---|
| Submission | 03/20/2026 10:24 (22 days ago) |
|---|
| Moderation | 04/04/2026 23:31 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355383 [Fosowl agenticSeek 0.1.0 query Endpoint PyInterpreter.py PyInterpreter.execute code injection] |
|---|
| Points | 19 |
|---|