CVE-2026-55576
MaaAssistantArknights · MaaAssistantArknights
MaaAssistantArknights is vulnerable to OS command injection and code injection, allowing unauthenticated attackers to execute arbitrary commands.
Executive summary
A critical vulnerability in the MaaAssistantArknights tool exposes the host system to unauthorized remote command and code execution by unauthenticated actors.
Vulnerability
The software fails to properly sanitize input, leading to OS Command Injection (CWE-78) and Code Injection (CWE-94). This vulnerability is exploitable by an unauthenticated remote attacker with no user interaction required.
Business impact
Successful exploitation allows an attacker to execute arbitrary code on the underlying host system with the privileges of the application. Given the CVSS score of 8.8, this poses a high risk of total system compromise, data exfiltration, or the installation of persistent malware, which could lead to significant operational disruption and loss of confidentiality.
Remediation
Immediate Action: Update the MaaAssistantArknights software to commit version cafc3946059e6337d2089d4fec8b6885ba17c332 or newer to eliminate the vulnerable injection vectors.
Proactive Monitoring: Monitor server logs for unexpected process spawns or unusual network activity originating from the MaaAssistantArknights service.
Compensating Controls: Deploy a Web Application Firewall (WAF) or host-based Intrusion Detection System (IDS) to filter malicious payloads that attempt to inject OS commands or code into request parameters.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
The severity of this vulnerability necessitates immediate remediation. Organizations currently utilizing MaaAssistantArknights should prioritize upgrading to the patched version identified in the vendor advisory to mitigate the risk of remote code execution.