CNNVD-202601-1971 Information
CNNVD ID
CNNVD-202601-1971
Related CVE
- CNNVD Published: 2026-01-13
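Description (translated from Chinese)
Eigent is an open-source multi-agent workflow desktop application from Eigent AI. Eigent has a code injection vulnerability, which stems from the CI workflow using the pull_request_target trigger and checking out untrusted PR code, and which may lead to arbitrary code execution.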
Description (English)
Eigent is a multi-agent workflow desktop application from Eigent AI. Eigent had a code injection vulnerability, which originated from the CI workflow's use of the pull_request_target trigger and its checkout of untrusted PR code, and which could lead to arbitrary code execution.
Hazard Level
High
Vulnerability Type
Code injection
Affected Vendor
Eigent AI
Published
2026-01-13
Last Modified
2026-02-24
References
https://github.com/eigent-ai/eigent/security/advisories/GHSA-gvh4-93cq-5xxp
https://github.com/eigent-ai/eigent/commit/bf02500bbbab0f01cd0ed8e6dc21fe5683d6bfb5
https://github.com/eigent-ai/eigent/pull/836
https://github.com/eigent-ai/eigent/pull/837
https://access.redhat.com/security/cve/cve-2026-22869
Patch
https://www.eigent.ai/download