Description
Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell() passes a command string from action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe. The same shell-execution behavior is also reachable through ShellReceiver.execute_command(). The shell receiver is invoked by action classes such as RunShellCommand.execute() and ExecuteCommand.execute(), which forward stored action parameters to the shell receiver. Because UFO stores planned and executed actions in per-session JSON records, an attacker who can write or modify a session/action JSON file can plant a shell action. When the session is resumed or replayed, UFO executes the attacker's command as the UFO process user.
Published: 2026-05-27
Score: 7.8 High
EPSS: 1.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft UFO's ShellReceiver.run_shell() method passes untrusted command strings directly to subprocess.Popen() with shell=True and executable=powershell.exe, which is a command-execution flaw. An adversary who can inject a malicious action into a stored session file can run arbitrary operating-system commands when UFO replays that session. Because the command is executed with the permissions of the UFO process, the attacker can run anything that user is permitted to run, potentially compromising the host locally. This is an instance of CWE-78: OS Command Injection.

Affected Systems

Microsoft UFO, any release up to and including v3.0.0, is affected. Deployments running those releases are vulnerable whenever they process or replay stored action sessions.

Risk and Exploitability

The CVSS score of 7.8 signals high severity. An EPSS of 2% indicates a modest risk of exploitation. The vulnerability is not currently listed in the CISA KEV catalog, implying no publicly reported exploits. The attack requires the ability to write or modify session JSON files, so local access or a prior compromise of the file system is needed. Once a malicious action is inserted, UFO's replay logic will execute it, giving the attacker local command-execution capability.

Generated by OpenCVE AI on June 18, 2026 at 12:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Microsoft UFO to the latest release that includes the command‑injection fix
  • Configure filesystem permissions to prevent unauthorized writing of session JSON files so only trusted users can modify them
  • If possible, disable or restrict the replay of stored actions from untrusted sources or manually audit session files for hidden shell commands
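The following Python script is an added example for this advisory, not code from the UFO project. It illustrates the vulnerable pattern the description names (a stored string handed to subprocess.Popen with shell=True and powershell.exe), a hardened replacement that replays stored shell actions only through an allowlist of fixed argv prefixes with shell=False, and the audit step from the recommended actions: scanning a session JSON file for actions that reach the shell receiver. The session record layout, the ALLOWED_COMMANDS table, the function names and the sample session are all constructed assumptions; UFO's real schema and action set are not shown on this page.

```python
"""Audit stored session JSON for shell actions and replay them without a shell.

Added example for this advisory, not code from the UFO project. The session
record layout, the ALLOWED_COMMANDS table and the sample session are all
constructed assumptions; UFO's real schema and action set are not on the page.
"""
from __future__ import annotations

import json
import subprocess
from typing import Any

# Action classes the advisory names as forwarding stored parameters to the
# shell receiver; any stored action using one of them is worth a look.
SHELL_ACTION_NAMES = {"RunShellCommand", "ExecuteCommand"}

# Hypothetical allowlist: a symbolic command name maps to a fixed argv prefix
# of a non-shell executable. Stored JSON may only pick a name and append
# plain string arguments, so no shell ever parses text taken from the file.
ALLOWED_COMMANDS: dict[str, list[str]] = {
    "list_processes": ["tasklist.exe"],
    "ping_once": ["ping.exe", "-n", "1"],
}

# Constructed sample session (hypothetical layout): step 2 is a planted shell
# action whose command is not in the allowlist.
SAMPLE_SESSION = json.dumps({
    "session_id": "demo-0001",
    "actions": [
        {"step": 1, "function": "click", "args": {"control": "OK"}},
        {"step": 2, "function": "RunShellCommand", "args": {"command": "whoami"}},
    ],
})


def run_shell_vulnerable(command: str) -> subprocess.Popen:
    """The pattern the advisory describes, kept only for contrast and never
    called here: the stored string is handed to PowerShell as script text,
    so whatever was written into the JSON runs as the UFO process user."""
    return subprocess.Popen(command, shell=True, executable="powershell.exe")


def find_shell_actions(session_json: str) -> list[dict[str, Any]]:
    """Audit helper: list every stored action that reaches the shell receiver."""
    session = json.loads(session_json)
    findings = []
    for action in session.get("actions", []):
        if action.get("function") in SHELL_ACTION_NAMES:
            findings.append({
                "step": action.get("step"),
                "function": action["function"],
                "command": action.get("args", {}).get("command"),
            })
    return findings


def build_argv(action: dict[str, Any]) -> list[str]:
    """Hardened dispatch: turn a stored shell action into an argv list.

    Raises ValueError instead of executing when the action names a command
    outside ALLOWED_COMMANDS or passes anything other than string arguments.
    """
    args = action.get("args", {})
    name = args.get("command")
    if name not in ALLOWED_COMMANDS:
        raise ValueError(f"step {action.get('step')}: {name!r} is not allowlisted")
    extra = args.get("arguments", [])
    if not isinstance(extra, list) or not all(isinstance(a, str) for a in extra):
        raise ValueError(f"step {action.get('step')}: arguments must be strings")
    # Separators such as ';' or '|' inside an argument are inert here: with
    # shell=False the list is passed to the process as argv, not shell text.
    return ALLOWED_COMMANDS[name] + extra


def plan_replay(session_json: str) -> tuple[list[list[str]], list[int]]:
    """Build argv lists for all shell actions; report rejected step numbers.

    A caller should refuse to replay the session at all when `rejected` is
    non-empty, rather than silently skipping the bad steps.
    """
    session = json.loads(session_json)
    argvs, rejected = [], []
    for action in session.get("actions", []):
        if action.get("function") not in SHELL_ACTION_NAMES:
            continue
        try:
            argvs.append(build_argv(action))
        except ValueError:
            rejected.append(action.get("step"))
    return argvs, rejected


def run_argv(argv: list[str]) -> subprocess.CompletedProcess:
    """Execute one allowlisted argv without a shell (not invoked in this file)."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    for f in find_shell_actions(SAMPLE_SESSION):
        print(f"shell action at step {f['step']}: {f['function']} -> {f['command']!r}")
    argvs, rejected = plan_replay(SAMPLE_SESSION)
    print("replay plan:", argvs, "rejected steps:", rejected)
```

Run against the constructed session, the audit reports step 2 and the replay plan rejects it, so nothing is executed; a session whose shell action names an allowlisted command with string arguments yields an argv list that run_argv passes straight to the executable. The allowlist-plus-argv design is what makes the stored file safe to replay even when it has been tampered with: the JSON can choose among pre-approved programs but can never supply text that a shell interprets.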



Advisories

No advisories yet.

History

Sat, 30 May 2026 23:00:00 +0000

Type: First Time appeared
Values Added: Microsoft; Microsoft ufo

Type: Vendors & Products
Values Added: Microsoft; Microsoft ufo

Thu, 28 May 2026 14:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 May 2026 22:30:00 +0000

Type: Description
Values Added: Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell() passes a command string from action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe. The same shell-execution behavior is also reachable through ShellReceiver.execute_command(). The shell receiver is invoked by action classes such as RunShellCommand.execute() and ExecuteCommand.execute(), which forward stored action parameters to the shell receiver. Because UFO stores planned and executed actions in per-session JSON records, an attacker who can write or modify a session/action JSON file can plant a shell action. When the session is resumed or replayed, UFO executes the attacker's command as the UFO process user.

Type: Title
Values Added: OS Command Injection in Microsoft UFO Shell Action Replay via Stored Session JSON

Type: Weaknesses
Values Added: CWE-78

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1
{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T13:21:51.736Z

Reserved: 2026-05-11T20:50:30.539Z

Link: CVE-2026-45322

Vulnrichment

Updated: 2026-05-28T13:21:25.663Z

NVD

Status : Deferred

Published: 2026-05-27T23:16:47.313

Modified: 2026-06-17T10:51:55.093

Link: CVE-2026-45322

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T13:00:16Z

Weaknesses
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')