Description
Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell() passes a command string from action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe. The same shell-execution behavior is also reachable through ShellReceiver.execute_command(). The shell receiver is invoked by action classes such as RunShellCommand.execute() and ExecuteCommand.execute(), which forward stored action parameters to the shell receiver. Because UFO stores planned and executed actions in per-session JSON records, an attacker who can write or modify a session/action JSON file can plant a shell action. When the session is resumed or replayed, UFO executes the attacker's command as the UFO process user.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft UFO's ShellReceiver.run_shell() passes a command string taken from stored action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe, without validation. An attacker who can plant or alter a shell action in a session record therefore obtains arbitrary PowerShell execution the next time UFO resumes or replays that session. The command runs with the privileges of the UFO process user, so everything that account can read, change or disrupt on the host is exposed; the CVSS vector rates confidentiality, integrity and availability impact all high.

Affected Systems

The affected product is Microsoft UFO, tagged releases up to and including v3.0.0. No fixed version is listed on this page, so every deployment running one of these releases should be treated as vulnerable until the vendor publishes a fix and the deployment is updated.

Risk and Exploitability

The CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) rates the issue high: local attack vector, low privileges required, no user interaction. The EPSS score is below 1%, so the predicted probability of exploitation in the wild is currently low. The CVE is not in the CISA KEV catalog, which means CISA has no confirmed in-the-wild exploitation on record, not that none has occurred; the SSVC decision point Exploitation: poc recorded on 28 May 2026 indicates that proof-of-concept code or a documented reproduction exists. The attack path requires the ability to write or modify a session or action JSON file, so the attacker needs either a foothold on the host or some other route to those files, such as an unprivileged account with write access to the session directory or a shared or synced folder in which the records are kept. Once a malicious shell action is planted, UFO's replay logic executes it as the UFO process user with no further interaction. The root cause is that session records are treated as trusted input rather than as data that may have been tampered with between write and replay.

Generated by OpenCVE AI on May 27, 2026 at 23:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Microsoft UFO to a release later than v3.0.0 once the vendor publishes one that fixes the shell action replay path; at the time of writing no fix or advisory is listed, so the mitigations below are the only recourse for current releases
  • Restrict filesystem permissions on the directory holding session and action JSON records so that only the UFO process user (and administrators) can create or modify them; any other account with write access there has a direct path to command execution as that user
  • Disable or restrict replay of stored actions that originate from untrusted sources, and before resuming or replaying a session audit its JSON records for shell actions (those dispatched to RunShellCommand or ExecuteCommand) whose command strings were never part of the planned workflow

Generated by OpenCVE AI on May 27, 2026 at 23:22 UTC.
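A worked illustration of the replay path sketched in the description and of the audit and restriction steps recommended above, added for this page as example code; it is not UFO's own code. The JSON layout, the action names run_shell and execute_command, the location of the integrity key and every function name are assumptions made for the example. The flawed function builds the Popen arguments instead of calling Popen so the block runs on any OS without starting PowerShell.

```python
"""Added illustration for CVE-2026-45322, not UFO's code: a minimal session
replay loop with the flawed call shape the advisory describes, beside a
hardened variant. Assumed for the example: the JSON layout
{"action": ..., "parameters": {"command": ...}}, the action names
"run_shell" / "execute_command", and every function name below."""
import hashlib
import hmac
import json
import subprocess
from typing import Any, Callable

SHELL_ACTIONS = {"run_shell", "execute_command"}  # assumed action names


# ---- flawed shape: the stored string goes to a shell unchanged ------------
def build_vulnerable_popen_args(action: dict[str, Any]) -> dict[str, Any]:
    """Return the keyword arguments the flawed replay path would pass to
    subprocess.Popen. They are built, not executed, so the example runs on any
    OS without starting PowerShell; the real call would be
    subprocess.Popen(**build_vulnerable_popen_args(action))."""
    return {
        "args": action["parameters"]["command"],  # attacker-controlled once the file is edited
        "shell": True,
        "executable": "powershell.exe",
    }


# ---- hardened shape: authenticate the record, allow-list the commands -----
def _canonical(actions: list[dict[str, Any]]) -> bytes:
    # Deterministic encoding so the tag does not depend on key order or spacing.
    return json.dumps(actions, sort_keys=True, separators=(",", ":")).encode()


def seal_session(actions: list[dict[str, Any]], key: bytes) -> bytes:
    """Write a session record with an HMAC-SHA256 tag over its action list.
    The key must be readable by the UFO process user only (assumed: a
    separately ACL'd or DPAPI-protected secret); a key kept beside the session
    JSON protects nothing."""
    tag = hmac.new(key, _canonical(actions), hashlib.sha256).hexdigest()
    return json.dumps({"actions": actions, "mac": tag}).encode()


def open_session(blob: bytes, key: bytes) -> list[dict[str, Any]]:
    """Load a session record for replay; refuse it outright if the tag does
    not verify, so an edited file never reaches the action dispatcher."""
    doc = json.loads(blob)
    expected = hmac.new(key, _canonical(doc["actions"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(doc.get("mac", ""))):
        raise ValueError("session record failed integrity check; refusing to replay")
    return doc["actions"]


def find_shell_actions(actions: list[dict[str, Any]]) -> list[str]:
    """Audit helper: every command string a replay of this list would run."""
    return [a["parameters"]["command"] for a in actions if a.get("action") in SHELL_ACTIONS]


def replay(actions: list[dict[str, Any]], allowed_shell_commands: set[str],
           runner: Callable[[list[str]], Any] = subprocess.run) -> list[str]:
    """Replay actions. A shell action runs only when its command string exactly
    matches one the operator pre-approved, and then as an argv list with
    shell=False, so the stored string is never parsed by a shell. `runner` is
    injectable so the replay can be exercised without spawning anything."""
    executed = []
    for action in actions:
        kind = action.get("action")
        if kind in SHELL_ACTIONS:
            cmd = action["parameters"]["command"]
            if cmd not in allowed_shell_commands:
                raise PermissionError(f"shell action not on allow-list: {cmd!r}")
            runner(["powershell.exe", "-NoProfile", "-NonInteractive", "-Command", cmd])
        executed.append(kind)
    return executed


def tamper(blob: bytes, command: str) -> bytes:
    """The attacker move from the advisory: append a shell action to the stored
    JSON. Without the key the existing tag no longer matches the edited list."""
    doc = json.loads(blob)
    doc["actions"].append({"action": "run_shell", "parameters": {"command": command}})
    return json.dumps(doc).encode()


if __name__ == "__main__":
    key = b"constructed-demo-key-do-not-reuse"                      # constructed for the demo
    planned = [{"action": "click", "parameters": {"target": "OK"}}]  # constructed session
    sealed = seal_session(planned, key)
    planted = tamper(sealed, "whoami")                                # constructed attacker edit
    raw = json.loads(planted)["actions"]                              # what a naive loader sees
    print("shell actions an unchecked replay would run:", find_shell_actions(raw))
    print("flawed path would call Popen with:", build_vulnerable_popen_args(raw[-1]))
    try:
        open_session(planted, key)
    except ValueError as exc:
        print("hardened path:", exc)
```

The integrity tag only helps when the key is out of the tamperer's reach: an attacker who already runs as the UFO process user can read it and re-seal the file, so the tag complements the file-permission fix rather than replacing it. Exact-string allow-listing is deliberately coarse; a replay feature that must accept operator-authored shell commands should at least show them for confirmation before execution instead of trusting the stored record.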


Advisories

No advisories yet.

History

Sat, 30 May 2026 23:00:00 +0000

Type: First Time appeared
Values Added: Microsoft; Microsoft ufo

Type: Vendors & Products
Values Added: Microsoft; Microsoft ufo

Thu, 28 May 2026 14:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 May 2026 22:30:00 +0000

Type: Description
Values Added: Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell() passes a command string from action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe. The same shell-execution behavior is also reachable through ShellReceiver.execute_command(). The shell receiver is invoked by action classes such as RunShellCommand.execute() and ExecuteCommand.execute(), which forward stored action parameters to the shell receiver. Because UFO stores planned and executed actions in per-session JSON records, an attacker who can write or modify a session/action JSON file can plant a shell action. When the session is resumed or replayed, UFO executes the attacker's command as the UFO process user.

Type: Title
Values Added: OS Command Injection in Microsoft UFO Shell Action Replay via Stored Session JSON

Type: Weaknesses
Values Added: CWE-78

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T13:21:51.736Z

Reserved: 2026-05-11T20:50:30.539Z

Link: CVE-2026-45322

Vulnrichment

Updated: 2026-05-28T13:21:25.663Z

NVD

Status: Deferred

Published: 2026-05-27T23:16:47.313

Modified: 2026-05-28T18:56:36.823

Link: CVE-2026-45322

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-30T21:21:44Z

Weaknesses