CNNVD-202602-1272 Information

CNNVD ID

CNNVD-202602-1272

Related CVE

CVE-2026-25807

• CNNVD Published: 2026-02-09

Description (Chinese)

ZAI Shell是Ömer Efe Başol (TaklaXBR)个人开发者的一个终端自主AI代理软件。 ZAI Shell 9.0.3之前版本存在代码注入漏洞，该漏洞源于P2P终端共享功能缺乏身份验证机制，可能导致任意命令执行。

Description (English)

ZAI Shell is an Ömer Efe Başol (TaklaXBR) personal developer, an autonomous terminal AI proxy. ZAI Shell before version 9.3 had a code-infusion gap, which stemmed from the lack of an identification mechanism for the P2P terminal sharing function, which could lead to arbitrary enforcement.

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/TaklaXBR/zai-shell/commit/a4ea8525d912f55d6e2f09b2869966c52d189a4a https://github.com/TaklaXBR/zai-shell/releases/tag/v9.0.3 https://github.com/TaklaXBR/zai-shell/security/advisories/GHSA-6pjj-r955-34rr

Patch

https://github.com/TaklaXBR/zai-shell/releases/