Add 3 critical security advisories for hexstrike-ai (0x4m4/hexstrike-ai)#7442

Open
sermikr0 wants to merge 1 commit into github:sermikr0/advisory-improvement-7442 from sermikr0:hexstrike-ai-critical-vulns

Conversation

@sermikr0

Summary

This PR adds 3 critical security advisories for hexstrike-ai (8,200+ stars), an AI-powered cybersecurity toolkit.

All vulnerabilities were confirmed with local PoC testing and are present in the latest version.

Advisories

| ID | Vulnerability | CVSS | CWE |
|---|---|---|---|
| GHSA-h3x5-r9c2-qm47 | Unauthenticated RCE via /api/command | 9.8 | CWE-78, CWE-306 |
| GHSA-v7p8-c4f6-jw32 | Command Injection in /api/tools/* | 9.8 | CWE-78 |
| GHSA-w2k9-m5g4-xr86 | Path Traversal in /api/files/* | 9.8 | CWE-22, CWE-306 |

Details

- GHSA-h3x5-r9c2-qm47: Unauthenticated RCE via /api/command (CVSS 9.8)
- GHSA-v7p8-c4f6-jw32: Command Injection in /api/tools/* endpoints (CVSS 9.8)
- GHSA-w2k9-m5g4-xr86: Path Traversal in /api/files/* endpoints (CVSS 9.8)

All vulnerabilities were confirmed with local PoC testing.

github-actions bot changed the base branch from main to sermikr0/advisory-improvement-7442 on April 20, 2026 at 00:14