Description
The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system() without proper input sanitization or escaping. User-controlled input (such as file paths) is directly interpolated into shell command strings using f-strings within the _copy() function. An attacker can inject arbitrary OS commands by supplying a specially crafted path parameter through the Hydra configuration framework. This leads to remote code execution with the privileges of the user running the TinyZero training process.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection flaw exists in the TinyZero project’s HDFS file operation utilities, where user‑controlled file paths are interpolated directly into shell commands without sanitization. An attacker can supply a crafted path via the Hydra configuration framework, causing the _copy() function to execute arbitrary OS commands. This yields remote code execution with the privileges of the process that runs TinyZero training. The vulnerability is identified as CWE‑78.

Affected Systems

The flaw resides in TinyZero, specifically the HDFS utilities added in the commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025‑58‑24). It affects any deployment of TinyZero that uses these utilities and processes file paths received from external configuration sources. Affected version information is not explicitly enumerated beyond the commit reference.

Risk and Exploitability

The vulnerability has a CVSS score of 9.8, indicating a critical severity, and an EPSS score of less than 1%, suggesting a low probability of exploitation at the current time. It is not listed in CISA’s KEV catalog. This command‑injection flaw allows remote code execution with the privileges of the TinyZero training process. The attack vector is through the Hydra configuration framework, where an attacker can supply a malicious file path that is interpolated into an os.system call. The high CVSS score and potential impact warrant immediate attention and remediation.

Generated by OpenCVE AI on May 13, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and deploy the patched TinyZero release that removes os.system usage from the file utilities.
  • Disable or tightly restrict the Hydra configuration framework so that external inputs cannot specify arbitrary paths.
  • Validate and sanitize all file path inputs, rejecting or escaping shell metacharacters, and, where possible, replace os.system calls with safe file‑copy APIs.
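As an added illustration (not TinyZero's code; function names, the regex and the sample paths are assumptions), the unsafe f-string pattern the description refers to, beside a hardened replacement that allowlists the path and passes it to the HDFS client as an argv element so no shell parses it:

```python
import re
import shlex
import subprocess

# Constructed sample values; TinyZero's real configuration values are not on the page.
SAFE_SRC = "hdfs://cluster/data/checkpoint-1"
CRAFTED_SRC = "/tmp/in; echo injected"   # carries a shell metacharacter

# Allowlist: an optional hdfs://host prefix, then one or more path-safe segments.
_HDFS_PATH_RE = re.compile(r"^(hdfs://[A-Za-z0-9._-]+)?(/[A-Za-z0-9._-]+)+$")


def legacy_command(src, dst):
    """The unsafe pattern: paths are interpolated into one shell string, so ';',
    '&&' or '$(...)' inside a path become shell syntax once os.system() runs it.
    Returned for comparison only; never executed here."""
    return f"hdfs dfs -cp {src} {dst}"


def is_safe_hdfs_path(path):
    """True only if the path matches the allowlist above."""
    return bool(_HDFS_PATH_RE.match(path))


def validate_hdfs_path(path):
    """Rejects anything outside the allowlist before a command is ever built."""
    if not is_safe_hdfs_path(path):
        raise ValueError(f"rejected HDFS path: {path!r}")
    return path


def build_copy_argv(src, dst):
    """Hardened form: validated paths become individual argv elements, so each
    path is exactly one argument and no shell interprets it."""
    return ["hdfs", "dfs", "-cp", validate_hdfs_path(src), validate_hdfs_path(dst)]


def quoted_command(src, dst):
    """Fallback when a shell string is unavoidable: shlex.quote() neutralises
    metacharacters. Weaker than argv because every interpolation must be quoted."""
    return f"hdfs dfs -cp {shlex.quote(src)} {shlex.quote(dst)}"


def safe_copy(src, dst):
    """Runs the copy without shell=True (assumes an hdfs client on PATH)."""
    return subprocess.run(build_copy_argv(src, dst), check=True)
```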

Advisories

No advisories yet.

History

Wed, 13 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title Command Injection in TinyZero HDFS Utilities Enables Remote Code Execution

Wed, 13 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared: Jiayi-pan; Jiayi-pan tinyzero
Vendors & Products: Jiayi-pan; Jiayi-pan tinyzero

Tue, 12 May 2026 16:00:00 +0000

Type Values Removed Values Added
Description The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system() without proper input sanitization or escaping. User-controlled input (such as file paths) is directly interpolated into shell command strings using f-strings within the _copy() function. An attacker can inject arbitrary OS commands by supplying a specially crafted path parameter through the Hydra configuration framework. This leads to remote code execution with the privileges of the user running the TinyZero training process.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-13T14:08:46.542Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31226

Vulnrichment

Updated: 2026-05-13T14:08:25.602Z

NVD

Status : Deferred

Published: 2026-05-12T16:16:14.530

Modified: 2026-05-19T18:14:16.780

Link: CVE-2026-31226

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T16:30:36Z

Weaknesses