Description
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple socket script. An attacker who connects to a ZAI-Shell P2P session running in --no-ai mode can send arbitrary system commands. If the host user approves the command without reviewing its contents, the command executes directly with the user's privileges, bypassing all Sentinel safety checks. This vulnerability is fixed in 9.0.3.
Published: 2026-02-09
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in the ZAI-Shell agent allows an unauthenticated remote attacker to connect to the TCP socket that the P2P terminal sharing feature opens on port 5757 and send arbitrary system commands to a session running in "--no-ai" mode. If the host user approves a command without reviewing it, that command is executed directly with the user's privileges, bypassing all Sentinel safety checks. This flaw is a typical example of an unauthenticated command injection (CWE-94) that can compromise the confidentiality, integrity, and availability of the affected system.

Affected Systems

TaklaXBR's ZAI-Shell software is susceptible to this flaw in every installation running a version earlier than 9.0.3.

Risk and Exploitability

The flaw carries a high-severity CVSS score of 8.8, indicating a substantial potential for damage. However, the EPSS score is less than 1%, indicating that real-world exploitation is currently considered unlikely, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, unauthenticated, and relies on an open network service; an attacker needs only to open a socket and send commands. If the host user does not verify command contents, the result is direct execution of attacker-supplied commands with the user's privileges.

Generated by OpenCVE AI on April 17, 2026 at 21:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ZAI-Shell to version 9.0.3 or later, which closes the unauthenticated socket.
  • Configure network firewalls or host security groups to block inbound connections to TCP port 5757, preventing unauthenticated access.
  • Disable or restrict the P2P terminal sharing feature in "--no-ai" mode to eliminate the attack surface.


Advisories

No advisories yet.

History

Tue, 24 Feb 2026 18:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Taklaxbr zai Shell
CPEs | | cpe:2.3:a:taklaxbr:zai_shell:*:*:*:*:*:python:*:*
Vendors & Products | | Taklaxbr zai Shell

Tue, 10 Feb 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 12:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Taklaxbr; Taklaxbr zai-shell
Vendors & Products | | Taklaxbr; Taklaxbr zai-shell

Mon, 09 Feb 2026 22:00:00 +0000

Type | Values Removed | Values Added
Description | | ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple socket script. An attacker who connects to a ZAI-Shell P2P session running in --no-ai mode can send arbitrary system commands. If the host user approves the command without reviewing its contents, the command executes directly with the user's privileges, bypassing all Sentinel safety checks. This vulnerability is fixed in 9.0.3.
Title | | Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell
Weaknesses | | CWE-94
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T21:23:01.583Z

Reserved: 2026-02-05T19:58:01.642Z

Link: CVE-2026-25807

Vulnrichment

Updated: 2026-02-10T21:22:58.668Z

NVD

Status: Analyzed

Published: 2026-02-09T22:16:02.293

Modified: 2026-02-24T18:13:41.050

Link: CVE-2026-25807

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:15:27Z

Weaknesses