CVE-2026-42076
Published: 04 May 2026
Summary
CVE-2026-42076 is a critical-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of the corpus parameter to block shell metacharacters before constructing and executing the curl command, directly preventing command injection.
Mandates timely identification, reporting, and patching of the command injection flaw, enabling upgrade to the fixed version 1.69.3.
Enables monitoring of the system to detect indicators of command injection attacks, such as unauthorized shell command executions via execSync().
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection in a network-accessible service directly enables T1190 (public-facing app exploitation for RCE/initial access) and T1059.004 (arbitrary Unix shell command execution via unsanitized execSync/curl).
NVD Description
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation…
more
and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3.
Deeper analysisAI
CVE-2026-42076 is a command injection vulnerability (CWE-78) affecting Evolver, a GEP-powered self-evolving engine for AI agents, in versions prior to 1.69.3. The issue resides in the _extractLLM() function, which constructs a curl command through unsafe string concatenation and executes it via execSync() without proper input sanitization. This allows attackers to inject shell metacharacters into the corpus parameter, leading to arbitrary shell command execution on the server. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
The vulnerability is exploitable remotely over the network by unauthenticated attackers with no privileges or user interaction required. An attacker can craft a malicious corpus parameter containing shell metacharacters, such as command separators or backticks, to inject and execute arbitrary commands when the _extractLLM() function processes the input. Successful exploitation grants full remote code execution (RCE) on the affected server, potentially enabling data theft, persistence, or further compromise.
Mitigation is available in Evolver version 1.69.3, which patches the command injection flaw. Security practitioners should upgrade to this version immediately. Official details are provided in the GitHub security advisory (GHSA-j5w5-568x-rq53) and the release notes for v1.69.3.
As a component in AI agent workflows, this vulnerability highlights risks in self-evolving AI engines where unsanitized external inputs can propagate to system-level execution, though no public evidence of real-world exploitation has been reported.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai