CVE-2026-3964 | OpenAkita up to 1.24.3 Chat API Endpoint shell.py run Message os command injection

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability classified as critical was found in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection.

This vulnerability is tracked as CVE-2026-3964. The attack is restricted to local execution. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3964 | OpenAkita up to 1.24.3 Chat API Endpoint shell.py run Message os command injection

Post correlati

CVE-2017-20191 | Zimbra zm-admin-ajax up to 8.8.1 Form Textbox Field Error XFormItem.js XFormItem.prototype.setError message cross site scripting

CVE-2025-24290 | Ubiquiti UISP Application up to 2.4.206 sql injection

CVE-2024-7469 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 3.90 Web Interface list_vpn_web_custom.php sslvpn_config_mod template/stylenum os command injection

CVE-2024-2952 | berriai litellm Jinja Template tokenizer_config.json hf_chat_template equivalent special elements