002 / Disclosures

Disclosures

Vulnerabilities discovered across AI agent frameworks and ML infrastructure, disclosed through coordinated 90-day windows.

I
AI Agent Frameworks
PraisonAI - OS Command Injection
MCPHandler · shlex.split() to anyio.open_process() · Fixed v4.5.69 · March 2026
Critical CVSS 9.8
AGiXT - Path Traversal
File operation commands · safe_join() bypass · Fixed commit 2079ea5 · March 2026
High CVSS 8.1
AGiXT - Server-Side Request Forgery
Custom API Endpoint · requests.request() no validation · Fixed commit 711f507 · March 2026
High CVSS 8.6
II
ML Infrastructure
Additional findings under coordinated disclosure
RCE via deserialization · sandbox escape · denial of service · publishing through mid-2026
Pending
Active coordinated disclosures in progress. Full public disclosure begins June 2026. All findings follow a 90-day coordinated window with maintainers before publication.
Vulnerability classes
Remote Code Execution
Server-Side Request Forgery
Path Traversal
Arbitrary File Operations
Deserialization (pickle RCE)
Sandbox Escape
Model Guardrail Bypass
Denial of Service