CNNVD-202509-2688 Information

CNNVD ID

CNNVD-202509-2688

CVE-2025-58766

  • CNNVD Published: 2025-09-17

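Description (translated from Chinese)

Dyad is an open-source artificial intelligence application builder from Dyad. Dyad 0.19.0 and earlier versions contain a code injection vulnerability. It stems from the preview window feature being able to bypass the Docker container protection, which may lead to arbitrary code execution.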

Description (English)

Dyad is an open-source artificial intelligence application builder developed by Dyad. Dyad 0.19.0 and earlier versions contain a code injection vulnerability: the preview window functionality can bypass the Docker container protection, which could lead to arbitrary code execution.

Hazard Level

High

Vulnerability Type

Code injection

Affected Vendor

Dyad

Published

2025-09-17

Last Modified

2026-02-24

References

  • https://github.com/dyad-sh/dyad/commit/1c0255ab126d3b38ae9e78b17cdab9a07e5f0185
  • https://github.com/dyad-sh/dyad/commit/ebcf89ee6cead83a33add5ef1e19c8d4f9b4ce9b
  • https://github.com/dyad-sh/dyad/security/advisories/GHSA-7fxm-c5xx-7vpq

Patch

https://github.com/dyad-sh/dyad/releases
