Vulnerabilities ›

CVE-2026-5831

Medium

CWE-77 — Weakness Type

                    Published: Apr 9, 2026                      ·  Modified: Apr 12, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading to version 2.1.9 will fix this issue. The patch is named c1550b445b9f24f38c4414e9a545f5f79f23a0fe. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

🤖 AI Executive Summary

A command injection vulnerability exists in Agions taskflow-ai versions up to 2.1.8 in the terminal_execute component, allowing remote attackers to execute arbitrary OS commands. The vulnerability has been patched in version 2.1.9 and users should upgrade immediately.

📄 Description (Arabic)

ثغرة حقن أوامر نظام التشغيل في مكون معالج الخادم src/mcp/server/handlers.ts في Agions taskflow-ai تسمح بتنفيذ أوامر عشوائية عن بعد. الهجوم ممكن من خلال معالجة البيانات المدخلة بشكل غير آمن في وظيفة terminal_execute. تم إصدار إصلاح في الإصدار 2.1.9.

🤖 ملخص تنفيذي (AI)

ثغرة حقن الأوامر موجودة في Agions taskflow-ai الإصدارات حتى 2.1.8 في مكون terminal_execute، مما يسمح للمهاجمين البعيدين بتنفيذ أوامر نظام تشغيل عشوائية. تم إصلاح الثغرة في الإصدار 2.1.9 ويجب على المستخدمين الترقية فوراً.

🤖 AI Intelligence Analysis Analyzed: May 19, 2026 17:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government telecom energy banking

🎯 MITRE ATT&CK Techniques

T1059.004 T1190 T1203

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade Agions taskflow-ai to version 2.1.9 or later. Apply patch c1550b445b9f24f38c4414e9a545f5f79f23a0fe. Review and restrict access to terminal_execute functionality. Implement input validation and sanitization for all command parameters. Monitor systems for suspicious command execution patterns.

🔧 خطوات المعالجة (العربية)

قم بترقية Agions taskflow-ai إلى الإصدار 2.1.9 أو أحدث فوراً. طبق التصحيح c1550b445b9f24f38c4414e9a545f5f79f23a0fe. راجع وقيد الوصول إلى وظيفة terminal_execute. طبق التحقق من صحة المدخلات والتطهير لجميع معاملات الأوامر. راقب الأنظمة للكشف عن أنماط تنفيذ الأوامر المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1.1 2.2.1 3.1.1 3.2.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.AC-3 DE.CM-1

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 7

🔗

https://github.com/Agions/taskflow-ai/

cna@vuldb.com

🔗

https://github.com/Agions/taskflow-ai/commit/c1550b445b9f24f38c4414e9a545f5f79f23a0fe

cna@vuldb.com

🔗

https://github.com/Agions/taskflow-ai/issues/2

cna@vuldb.com

🔗

https://github.com/Agions/taskflow-ai/releases/tag/v2.1.9

cna@vuldb.com

🔗

https://vuldb.com/submit/789515

cna@vuldb.com

🔗

https://vuldb.com/vuln/356278

cna@vuldb.com

🔗

https://vuldb.com/vuln/356278/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-77

EPSS1.23%

Exploit No

Patch ✗ No

Published 2026-04-09

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-77

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5831

💬 Comments

Introduce Yourself

Sign In Required