Arbitrary Code Injection Affecting kagura-ai package, versions [,4.2.3)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PYTHON-KAGURAAI-14172575
- published4 Dec 2025
- disclosed2 Dec 2025
- creditUnknown
Introduced: 2 Dec 2025
New CVE NOT AVAILABLE CWE-552 (opens in a new tab)How to fix?
Upgrade kagura-ai to version 4.2.3 or higher.
Overview
kagura-ai is an Universal AI Memory Platform - MCP-native context management for all AI agents
Affected versions of this package are vulnerable to Arbitrary Code Injection due to missing access restrictions in multiple tool endpoints, including coding_index_source_code, coding_analyze_file_dependencies, coding_analyze_refactor_impact, meta_fix_code_error, gh_safe_exec, gh_pr_create_safe, and gh_pr_merge_safe. These endpoints fail to enforce authentication or authorization, allowing remote attackers to read arbitrary files from the server filesystem, trigger code-generation behaviors that can result in arbitrary code execution, and perform unauthorized actions on GitHub repositories.