9.0.4
CVE-2026-25807 describes a Remote Code Execution (RCE) vulnerability in ZAI Shell, an autonomous SysOps agent. This vulnerability allows an unauthenticated attacker to execute arbitrary system commands on a target system. The issue exists in the P2P terminal sharing feature, where a TCP socket is opened without authentication. Affected versions are those prior to 9.0.3, and a fix is available in version 9.0.3.
The impact of CVE-2026-25807 is significant due to the potential for remote code execution with the host user's privileges. An attacker can exploit this vulnerability by connecting to the exposed TCP port (5757) and sending malicious commands. If the host user approves the command without review (in --no-ai mode), the command will execute directly, potentially leading to complete system compromise. This could involve data theft, malware installation, or further lateral movement within the network. The lack of authentication makes this vulnerability particularly concerning, as any attacker within network reach can attempt exploitation.
CVE-2026-25807 was publicly disclosed on 2026-02-09. The vulnerability's simplicity and lack of authentication suggest a potential for widespread exploitation. Currently, there are no publicly known active campaigns targeting this vulnerability, but the ease of exploitation warrants close monitoring. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature.
Exploit Status
- EPSS: 0.17% (38th percentile)
- CISA SSVC: (no value given)
- CVSS Vector: (no value given)
The primary mitigation for CVE-2026-25807 is to upgrade ZAI Shell to version 9.0.3 or later, which addresses the authentication issue in the P2P terminal sharing feature. If immediate upgrading is not possible, consider disabling the P2P terminal sharing feature entirely, if it is not essential for operations. As a temporary workaround, restrict network access to port 5757 using firewalls or network segmentation to limit potential attackers. Monitor network traffic for connections to port 5757 from unexpected sources. After upgrading, confirm the vulnerability is resolved by attempting to connect to the P2P terminal sharing feature and verifying that authentication is required.
Update ZAI Shell to version 9.0.3 or later. This version fixes the remote code execution vulnerability by requiring authentication for the P2P sharing feature. Avoid using the P2P sharing feature in --no-ai mode until you have updated.
CVE-2026-25807 is a Remote Code Execution vulnerability in ZAI Shell versions prior to 9.0.3. An attacker can execute commands with the host user's privileges through the unauthenticated P2P terminal sharing feature.
You are affected if you are using a ZAI Shell version earlier than 9.0.3. Check your installed version against the affected range.
Upgrade ZAI Shell to version 9.0.3 or later to remediate the vulnerability. As a temporary workaround, disable the P2P terminal sharing feature or restrict network access to port 5757.
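The two checks that the mitigation guidance above and this answer ask for (is the installed version inside the affected range, and is the P2P terminal-sharing port reachable from the network rather than bound to loopback) can be scripted. The following is an added example and is not code from the advisory or from the ZAI Shell project; it assumes that the feature listens on TCP port 5757 as the advisory states, that versions compare as plain major.minor.patch numbers, and that `ss -ltn` output on the host has the usual column layout. The `ss` sample embedded in the block is constructed, not captured from a real system.

```python
"""Defender-side checks for CVE-2026-25807 (added example, not the project's own code):
1. decide whether an installed ZAI Shell version falls in the affected range (< 9.0.3);
2. flag listeners on the P2P terminal-sharing port (5757) that are bound to a
   non-loopback address, i.e. reachable from the network.
"""
import re
import subprocess
from typing import Iterable, List, Tuple

FIXED_VERSION = (9, 0, 3)   # first fixed release named in the advisory
P2P_PORT = 5757             # TCP port of the P2P terminal-sharing feature (from the advisory)

# Accepts '9.0.3', 'v9.0.3' and '9.0.3-beta'; the pre-release suffix is ignored,
# which is a simplification (assumption) adequate for a simple range check.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True when the version is earlier than the first fixed release (9.0.3)."""
    return parse_version(version) < FIXED_VERSION


def exposed_listeners(ss_lines: Iterable[str], port: int = P2P_PORT) -> List[str]:
    """Return local addresses from `ss -ltn` output that listen on `port` on a
    non-loopback interface. Loopback-only binds are not reachable remotely and are skipped."""
    found: List[str] = []
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                       # header line or non-listening socket
        local = fields[3]                  # e.g. 0.0.0.0:5757 or [::]:5757
        host, _, lport = local.rpartition(":")
        if lport != str(port):
            continue
        if host == "[::1]" or host.startswith("127."):
            continue                       # loopback only: not exposed to the network
        found.append(local)
    return found


def live_listeners(port: int = P2P_PORT) -> List[str]:
    """Run `ss -ltn` on this host and report network-reachable listeners on `port`."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    return exposed_listeners(out.splitlines(), port)


# Constructed sample of `ss -ltn` output: a host where the P2P feature listens on
# every interface (IPv4 and IPv6) plus a loopback-only bind that is not exposed.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       4096    0.0.0.0:5757         0.0.0.0:*
LISTEN  0       4096    [::]:5757            [::]:*
LISTEN  0       128     [::1]:5757           [::]:*
"""

if __name__ == "__main__":
    for v in ("8.9.0", "9.0.2", "9.0.3", "9.0.4"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    print("network-reachable listeners on port", P2P_PORT,
          exposed_listeners(SAMPLE_SS_OUTPUT.splitlines()))
```

Run `live_listeners()` on the host itself to check the real socket table; any address it returns is a bind that a firewall rule or network segmentation should cover until the upgrade is in place, and an empty result after upgrading with the feature disabled confirms the port is no longer offered to the network.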
While there are no confirmed active campaigns currently, the vulnerability's simplicity makes it a potential target for exploitation. Continuous monitoring is recommended.
Refer to the official ZAI Shell security advisory for detailed information and updates: [https://zai.sh/security](https://zai.sh/security)