CVE-2026-30635

automagik · automagik-genie

A command injection vulnerability has been identified in the automagik-genie software, potentially allowing remote attackers to execute arbitrary commands on the underlying system.

Executive summary

The automagik-genie utility contains a command injection vulnerability that could allow unauthenticated remote attackers to achieve remote code execution.

Vulnerability

The software is susceptible to command injection, where an attacker can supply malicious input that is executed by the host system. This vulnerability does not require authentication (PR:N) and carries a significant risk of full system compromise (AV:N/AC:H/PR:N/UI:N).

Business impact

Command injection is a critical vulnerability that typically leads to full system compromise, allowing an attacker to steal data, install malware, or pivot into the internal network. With a CVSS score of 8.1, the potential for catastrophic business impact, including total loss of system integrity and confidentiality, is extremely high.

Remediation

Immediate Action: Check the official automagik repository or vendor advisory for security patches and apply them immediately.

Proactive Monitoring: Monitor system logs for suspicious command-line arguments or unexpected child processes being spawned by the automagik-genie application.

Compensating Controls: Deploy a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) with rules configured to detect and block common shell metacharacters and command injection payloads.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Due to the existence of a proof-of-concept and the high severity of command injection, administrators must prioritize identifying instances of automagik-genie within their environment. If a vendor patch is unavailable, consider restricting network access to the application or disabling the vulnerable component until a secure version is released.