3 vulnerabilities by EvoMap
CVE-2026-42077 (GCVE-0-2026-42077)
Vulnerability from cvelistv5 – Published: 2026-05-04 16:50 – Updated: 2026-05-04 16:50
Title
Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations
Summary
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions, which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype. This issue has been patched in version 1.69.3.
Severity
5.2 (Medium)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4 | x_refsource_CONFIRM |
| https://github.com/EvoMap/evolver/releases/tag/v1.69.3 | x_refsource_MISC |
{
"containers": {
"cna": {
"affected": [
{
"product": "evolver",
"vendor": "EvoMap",
"versions": [
{
"status": "affected",
"version": "\u003c 1.69.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in the _applyUpdate() and _updateRecord() functions which use Object.assign() to merge user-controlled data without filtering dangerous keys like __proto__, constructor, or prototype. This issue has been patched in version 1.69.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:50:15.167Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-2cjr-5v3h-v2w4"
},
{
"name": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
}
],
"source": {
"advisory": "GHSA-2cjr-5v3h-v2w4",
"discovery": "UNKNOWN"
},
"title": "Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42077",
"datePublished": "2026-05-04T16:50:15.167Z",
"dateReserved": "2026-04-23T19:17:30.565Z",
"dateUpdated": "2026-05-04T16:50:15.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42076 (GCVE-0-2026-42076)
Vulnerability from cvelistv5 – Published: 2026-05-04 16:48 – Updated: 2026-05-04 16:48
Title
Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
Summary
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3.
Severity
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53 | x_refsource_CONFIRM |
| https://github.com/EvoMap/evolver/releases/tag/v1.69.3 | x_refsource_MISC |
{
"containers": {
"cna": {
"affected": [
{
"product": "evolver",
"vendor": "EvoMap",
"versions": [
{
"status": "affected",
"version": "\u003c 1.69.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:48:51.446Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53"
},
{
"name": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
}
],
"source": {
"advisory": "GHSA-j5w5-568x-rq53",
"discovery": "UNKNOWN"
},
"title": "Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42076",
"datePublished": "2026-05-04T16:48:51.446Z",
"dateReserved": "2026-04-23T19:17:30.565Z",
"dateUpdated": "2026-05-04T16:48:51.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42075 (GCVE-0-2026-42075)
Vulnerability from cvelistv5 – Published: 2026-05-04 16:47 – Updated: 2026-05-04 17:15
Title
Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
Summary
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or create files in sensitive locations. This issue has been patched in version 1.69.3.
Severity
8.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/EvoMap/evolver/security/advisories/GHSA-r466-rxw4-3j9j | x_refsource_CONFIRM |
| https://github.com/EvoMap/evolver/releases/tag/v1.69.3 | x_refsource_MISC |
| https://github.com/EvoMap/evolver/security/advisories/GHSA-r466-rxw4-3j9j | exploit (CISA-ADP) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42075",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T17:14:53.252083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T17:15:13.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-r466-rxw4-3j9j"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "evolver",
"vendor": "EvoMap",
"versions": [
{
"status": "affected",
"version": "\u003c 1.69.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or create files in sensitive location. This issue has been patched in version 1.69.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:47:23.943Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EvoMap/evolver/security/advisories/GHSA-r466-rxw4-3j9j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-r466-rxw4-3j9j"
},
{
"name": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
}
],
"source": {
"advisory": "GHSA-r466-rxw4-3j9j",
"discovery": "UNKNOWN"
},
"title": "Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42075",
"datePublished": "2026-05-04T16:47:23.943Z",
"dateReserved": "2026-04-23T19:17:30.565Z",
"dateUpdated": "2026-05-04T17:15:13.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}