TL;DR Two Remote Code Execution (RCE) vulnerabilities were identified in datapizza-ai framework: What is datapizza-ai Source here https://github.com/datapizza-labs/datapizza-ai. CVE-2026-2969 The vulnerability is caused by the usage of vulnerable functions of Jinja2 template engine (datapizza-ai-core/datapizza/modules/prompt/prompt.py, source here https://github.com/datapizza-labs/datapizza-ai/blob/v0.0.2/datapizza-ai-core/datapizza/modules/prompt/prompt.py). To reproduce the exploit we have to install datapizza-ai: Create a python file with the following content: Execute […]
TL;DR A command injection vulnerability in the function tool run_ssh_command_with_credentials() available to AI agents in cai-framework <= 0.5.9 allows to achieve Remote Command Execution. This post describes a vulnerability I discovered in the CAI framework in which incomplete shell escaping inside a tool accessible to AI agents allowed hostile targets to trigger command execution on […]