CVE-2026-30635
automagik · automagik-genie
A command injection vulnerability has been identified in the automagik-genie software, potentially allowing remote attackers to execute arbitrary commands on the underlying system.
Executive summary
The automagik-genie utility contains a command injection vulnerability that could allow unauthenticated remote attackers to achieve remote code execution.
Vulnerability
The software is susceptible to command injection, where an attacker can supply malicious input that is executed by the host system. This vulnerability does not require authentication (PR:N) and carries a significant risk of full system compromise (AV:N/AC:H/PR:N/UI:N).
Business impact
Command injection is a critical vulnerability that typically leads to full system compromise, allowing an attacker to steal data, install malware, or pivot into the internal network. With a CVSS score of 8.1, the potential for catastrophic business impact, including total loss of system integrity and confidentiality, is extremely high.
Remediation
Immediate Action: Check the official automagik repository or vendor advisory for security patches and apply them immediately.
Proactive Monitoring: Monitor system logs for suspicious command-line arguments or unexpected child processes being spawned by the automagik-genie application.
Compensating Controls: Deploy a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) with rules configured to detect and block common shell metacharacters and command injection payloads.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
Due to the existence of a proof-of-concept and the high severity of command injection, administrators must prioritize identifying instances of automagik-genie within their environment. If a vendor patch is unavailable, consider restricting network access to the application or disabling the vulnerable component until a secure version is released.