CVE-2026-25046
📋 TL;DR
This vulnerability allows arbitrary command execution through shell injection in development scripts of the Kimi Agent SDK. Only developers working with the repository's source code are affected, not end users of the published VSCode extension. Attackers could execute malicious commands by crafting filenames with shell metacharacters.
💻 Affected Systems
- Kimi Agent SDK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the developer's system through arbitrary command execution with the privileges of the user running the publish scripts.
Likely Case
Limited impact since this only affects developers working directly with the source repository, not production deployments or end users.
If Mitigated
No impact if developers use version 0.1.6+ or follow workarounds with safe filenames.
🎯 Exploit Status
Exploitation requires local access to the development environment and running the vulnerable scripts.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.1.6
Vendor Advisory: https://github.com/MoonshotAI/kimi-agent-sdk/security/advisories/GHSA-mv58-gxx5-8hj3
Restart Required: No
Instructions:
1. Update Kimi Agent SDK to version 0.1.6 or later. 2. Run 'npm update @moonshot/kimi-agent-sdk' or equivalent package manager command. 3. Verify the update completed successfully.
🔧 Temporary Workarounds
Safe filename validation
allEnsure all .vsix files in the project directory have safe filenames without shell metacharacters before running publish scripts.
# Manually inspect filenames for characters like $, (, ), ;, |, &, `, >, <
🧯 If You Can't Patch
- Avoid running vsix-publish.js and ovsx-publish.js scripts in development environments.
- Implement strict filename validation in development workflows to reject files with shell metacharacters.
🔍 How to Verify
Check if Vulnerable:
Check if using Kimi Agent SDK version <0.1.6 and if vsix-publish.js or ovsx-publish.js scripts exist in the project.Check Version:
grep '"version"' package.json | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+'Verify Fix Applied:
Verify the package.json shows version 0.1.6 or higher and inspect the publish scripts to confirm execFileSync is used instead of execSync.📡 Detection & Monitoring
Log Indicators:
- Unexpected command execution during build/publish processes
- Suspicious filenames containing shell metacharacters in development logs
Network Indicators:
- Not applicable - local development vulnerability
SIEM Query:
Not applicable for this development-only vulnerability