Platform
python
Component
fosowl
Fixed in
0.1.1
A code injection vulnerability has been identified in Fosowl agenticSeek versions 0.1.0 through 0.1.0. This flaw resides within the PyInterpreter.execute function of the query Endpoint component, enabling remote attackers to potentially execute arbitrary code. The vulnerability has been publicly disclosed, posing an immediate risk to deployments. Remediation involves upgrading to a patched version or implementing compensating controls.
Successful exploitation of CVE-2026-5584 allows an attacker to execute arbitrary code on the system running Fosowl agenticSeek. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. Given the remote nature of the attack, the blast radius extends to any system accessible to the vulnerable component. The ability to execute arbitrary code mirrors the impact of other severe vulnerabilities like remote code execution flaws in web servers, potentially granting attackers full control over the affected environment.
This vulnerability was publicly disclosed on 2026-04-05. The vendor, Fosowl, was notified but did not respond. A public proof-of-concept is likely to emerge given the disclosure. The vulnerability's ease of exploitation and public availability suggest a medium probability of exploitation (EPSS score likely medium). It is currently not listed on CISA KEV.
Exploit Status
EPSS
0.06% (18% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5584 is to upgrade to a patched version of Fosowl agenticSeek as soon as it becomes available. In the interim, restrict network access to the Fosowl agenticSeek component to only trusted sources. Implement strict input validation on any data passed to the PyInterpreter.execute function. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests. Closely monitor system logs for any unusual activity or signs of exploitation.
It is recommended to update to a patched version of Fosowl agenticSeek that resolves the code injection vulnerability. Since the vendor has not responded, it is suggested to investigate the source code to identify and mitigate the vulnerability or seek secure alternatives.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5584 is a code injection vulnerability affecting Fosowl agenticSeek versions 0.1.0–0.1.0. It allows remote attackers to execute arbitrary code via the PyInterpreter.execute function.
If you are using Fosowl agenticSeek version 0.1.0–0.1.0, you are potentially affected. Check your deployments and apply the recommended mitigations or upgrade as soon as possible.
The recommended fix is to upgrade to a patched version of Fosowl agenticSeek. Until then, restrict network access and validate inputs.
While no active exploitation has been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
As of the disclosure date, Fosowl has not released an official advisory. Monitor Fosowl's website and security mailing lists for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.