CVE-2026-25046 - [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js
CVE ID : CVE-2026-25046
Published : Jan. 29, 2026, 9:37 p.m.
Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute arbitrary commands. Note: This vulnerability exists …
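The pattern described above, shown next to a hardened form, as an added example that is not the Kimi Agent SDK's own code. It assumes a POSIX system, uses `echo` as a harmless stand-in for the publish CLI, and the function names, sample filename and naming policy are constructed for illustration.

```javascript
// Added illustration, not code from the Kimi Agent SDK. `echo` stands in for
// the real publish CLI so the effect of shell parsing is visible and harmless.
const { execSync, execFileSync } = require('node:child_process');

// Constructed sample: a filename that contains a command substitution.
const SAMPLE = 'pkg-$(echo INJECTED).vsix';

// Pattern described in the advisory: the filename is spliced into a string
// that /bin/sh parses, so $(...) is evaluated before the tool sees its argument.
function publishViaShell(file) {
  return execSync(`echo publish ${file}`, { encoding: 'utf8' }).trim();
}

// Hardened pattern: execFileSync starts the program directly with an argv
// array. No shell parses the filename, so it arrives byte for byte.
function publishViaArgv(file) {
  return execFileSync('echo', ['publish', file], { encoding: 'utf8' }).trim();
}

// Defence in depth (assumed naming policy, not taken from the project):
// accept only plain *.vsix names that cannot be mistaken for an option
// (no leading '-') and contain no shell metacharacters or path separators.
function isExpectedVsixName(file) {
  return /^[A-Za-z0-9_][A-Za-z0-9._-]*\.vsix$/.test(file);
}

// Side-by-side result for the constructed sample.
console.log('shell string :', publishViaShell(SAMPLE));
console.log('argv array   :', publishViaArgv(SAMPLE));
console.log('name accepted:', isExpectedVsixName(SAMPLE));
```

The shell-string form prints a filename in which the substitution has already been evaluated, while the argv form passes the literal name through; the allowlist rejects the sample before either call would be reached.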