EXECUTIVE SUMMARY:
Multiple security vulnerabilities have been identified in the Network-AI npm package (versions prior to 5.9.1). The advisory reveals a critical command‑injection flaw that permits arbitrary shell execution, and a separate authentication bypass that allows unauthenticated callers to invoke privileged management APIs. Both issues stem from improper command allowlist handling and an empty default secret, respectively. Exploitation can lead to full compromise of the orchestrator host, data exfiltration, and unauthorized manipulation of agent workloads. The combined risk is high for organizations that integrate Network‑AI into production pipelines, as attackers can gain remote code execution and bypass security controls.
• CVE-2026-54051 with a CVSS score of 9.9 – A wildcard allowlist permits injection of shell metacharacters, enabling arbitrary command execution via `/bin/sh -c`; an attacker only needs to supply a crafted command string to the agent, requiring no elevated privileges.
• CVE-2026-48814 with a CVSS score of 9.1 – The SSE server defaults to an empty secret, causing `_isAuthorized` to always succeed; any network client can send JSON‑RPC requests to invoke all MCP tools without credentials or user interaction.
These vulnerabilities present an immediate and severe threat, demanding urgent attention from leadership. If exploited, attackers can take full control of the orchestration environment, alter or destroy workloads, and exfiltrate sensitive data, potentially resulting in operational disruption, regulatory breach, and reputational damage.
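The two flaw classes described above, shown beside fail-closed versions. This is an added example, not Network-AI's code: every function name, the `ALLOWED` policy and the 16-character minimum secret length are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names, not the Network-AI source.
// Flawed shape 1: a wildcard entry ("git *") is matched against the raw
// string that is later handed to `/bin/sh -c`.
function weakAllow(patterns, command) {
  return patterns.some((p) => {
    const body = p.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
    return new RegExp('^' + body + '$').test(command);
  });
}

// Hardened: exact (program, subcommand) pairs, no shell metacharacters.
const ALLOWED = new Map([['git', ['status', 'log']]]); // assumed policy
const SHELL_META = /[;&|`$<>(){}\\!*?"'\n\r]/;

function strictArgv(allowed, command) {
  if (typeof command !== 'string' || SHELL_META.test(command)) return null;
  const argv = command.trim().split(/\s+/);
  const subcommands = allowed.get(argv[0]);
  // Extra arguments are rejected so options cannot be smuggled in.
  if (!subcommands || argv.length !== 2 || !subcommands.includes(argv[1])) return null;
  // Caller runs child_process.execFile(argv[0], argv.slice(1)): no shell involved.
  return argv;
}

// Flawed shape 2: an unset secret is treated as "authentication disabled".
function weakIsAuthorized(secret, token) {
  if (!secret) return true;
  return token === secret;
}

// Hardened: an empty or short secret denies every request (fail closed).
function strictIsAuthorized(secret, token) {
  if (typeof secret !== 'string' || secret.length < 16) return false; // assumed minimum
  if (typeof token !== 'string' || token.length !== secret.length) return false;
  // Comparison without early exit; crypto.timingSafeEqual is the usual choice in Node.
  let diff = 0;
  for (let i = 0; i < secret.length; i++) {
    diff |= secret.charCodeAt(i) ^ token.charCodeAt(i);
  }
  return diff === 0;
}
```

A server built on the hardened check should also refuse to start when no secret is configured, so the misconfiguration is visible at deploy time rather than only at request time.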
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-qw6v-5fcf-5666
https://github.com/advisories/GHSA-r78r-rwrf-rjwp