CNNVD-202601-4854 Information

CNNVD ID

CNNVD-202601-4854

Related CVE

CVE-2026-25046

• CNNVD Published: 2026-01-29

Description (Chinese)

Kimi Agent SDK是Moonshot AI开源的一套可将Kimi Code代理运行时集成到应用程序中的多语言库。 Kimi Agent SDK 0.1.6之前版本存在命令注入漏洞，该漏洞源于开发脚本将文件名作为shell命令字符串传递，可能导致命令注入。

Description (English)

Kimi Agent SDK is an open source for Moonshot AI to integrate Kimi Code proxy running time into a multilingual library in the application. There was a command-injecting loophole in the previous version of Kimi Agent SDK 0.1.6, which resulted from the development of scripts that passed the file name as a shell command string, which could lead to an order-injection.

Hazard Level

Critical

Vulnerability Type

命令注入

Affected Vendor

Moonshot AI

Published

2026-01-29

Last Modified

2026-02-24

References

https://github.com/MoonshotAI/kimi-agent-sdk/security/advisories/GHSA-mv58-gxx5-8hj3 https://access.redhat.com/security/cve/cve-2026-25046

Patch

https://github.com/MoonshotAI/kimi-agent-sdk