CVE-2026-2642
📋 TL;DR
A null pointer dereference vulnerability in the_silver_searcher (ag) up to version 2.2.0 allows local attackers to cause a denial of service (crash) by manipulating the search_stream function. This affects users running vulnerable versions of the_silver_searcher on their systems.
💻 Affected Systems
- the_silver_searcher (ag)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing the_silver_searcher process to crash, potentially disrupting automated scripts or workflows that depend on it.
Likely Case
Local user can crash the ag process when searching specific malicious files or inputs.
If Mitigated
Minimal impact if proper access controls limit local user privileges and critical systems don't depend on ag.
🎯 Exploit Status
Exploit code is publicly available in GitHub repository. Requires local access and ability to trigger the vulnerable function with specific input.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Monitor the_silver_searcher GitHub repository for updates. Consider temporary workarounds or alternative tools.
🔧 Temporary Workarounds
Restrict local user access
linuxLimit which users can execute the_silver_searcher to reduce attack surface
chmod 750 /usr/bin/ag
setfacl -m u:trusteduser:rx /usr/bin/ag
Use alternative search tool
allTemporarily replace the_silver_searcher with alternative tools like grep, ack, or ripgrep
apt-get install ripgrep
brew install ripgrep
🧯 If You Can't Patch
- Monitor process crashes of 'ag' in system logs for potential exploitation attempts
- Implement strict access controls to limit which users can execute the_silver_searcher binary
🔍 How to Verify
Check if Vulnerable:
Check the_silver_searcher version: ag --version | head -1Check Version:
ag --version | head -1Verify Fix Applied:
Verify version is above 2.2.0 when patch becomes available📡 Detection & Monitoring
Log Indicators:
- Segmentation fault or crash logs involving 'ag' process
- Abnormal termination of the_silver_searcher processes
Network Indicators:
- None - local vulnerability only
SIEM Query:
process.name:"ag" AND event.action:"process_crash" OR signal.name:"SIGSEGV"