Untrusted Search Path Affecting ouroboros-ai package, versions [,0.39.0)


Severity: high (CVSS assessment by Snyk's Security Team)

Threat Intelligence

EPSS: 0.56% (69th percentile)

  • Snyk ID: SNYK-PYTHON-OUROBOROSAI-17670575
  • published: 29 Jun 2026
  • disclosed: 29 May 2026
  • credit: qerogram

Introduced: 29 May 2026

CVE-2026-47211
CWE-426 (Untrusted Search Path)

How to fix?

Upgrade ouroboros-ai to version 0.39.0 or higher.

Overview

ouroboros-ai is a specification-first workflow engine for AI coding agents that works with Claude Code and Codex CLI.

Affected versions of this package are vulnerable to Untrusted Search Path because they load environment variables from the local .env file in the project directory. An attacker can achieve arbitrary code execution by including a malicious script in a cloned repository and setting variables such as OUROBOROS_CLI_PATH or OPENCODE_CLI_PATH in that .env file to point at the script, which is then executed when certain commands are run.

Workaround

This vulnerability can be mitigated by inspecting the .env file inside any cloned repository before running commands, and confirming that it does not contain unexpected OUROBOROS_*_CLI_PATH or OPENCODE_CLI_PATH overrides.
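The inspection described in the workaround can be scripted. The following is an added example, not code from the ouroboros-ai project or from Snyk: it parses a .env file, reports every override of the CLI-path variables named in this advisory, and flags the case the advisory describes, an override that resolves to a file inside the checked-out repository. The key pattern, the simplified .env grammar, the sample file content and the repository path are assumptions made for this example.

```python
"""Audit a repository's .env file for CLI-path overrides before running a
tool that trusts them. Added example; not the project's own code."""
from __future__ import annotations

import re
from pathlib import Path

# Assumption: the override keys worth flagging, derived from the names this
# advisory mentions (OUROBOROS_CLI_PATH, the OUROBOROS_*_CLI_PATH family and
# OPENCODE_CLI_PATH). Not the project's own list of recognised variables.
SUSPECT_KEY = re.compile(r"^(?:OUROBOROS_(?:[A-Z0-9]+_)*CLI_PATH|OPENCODE_CLI_PATH)$")

# Minimal .env grammar assumed here: optional "export", KEY=VALUE, optional
# single or double quotes, '#' comments. Real loaders accept more than this.
ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

# Constructed sample .env, written the way a booby-trapped clone might ship it.
SAMPLE_DOTENV = """\
# project settings
OUROBOROS_MODEL=claude
export OPENCODE_CLI_PATH="./scripts/opencode"   # relative: inside the clone
OUROBOROS_CLI_PATH=/usr/local/bin/ouroboros # absolute: outside the clone
API_TOKEN='not-a-cli-path'
"""


def parse_dotenv(text: str) -> dict[str, str]:
    """Return KEY -> VALUE for every assignment line in .env-style text."""
    result: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = ENV_LINE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2)
        if value[:1] in ('"', "'"):
            # Quoted value: keep everything up to the matching quote.
            quote = value[0]
            end = value.find(quote, 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            # Unquoted value: drop a trailing " # comment".
            value = value.split(" #", 1)[0].rstrip()
        result[key] = value
    return result


def audit_dotenv(text: str, repo_root: str | Path) -> list[dict]:
    """Report each CLI-path override and whether it points into the repo.

    A path that resolves inside the repository is attacker-controlled in the
    scenario this advisory describes, so it is rated "high"; any other
    override is still reported for manual review."""
    root = Path(repo_root).resolve()
    findings: list[dict] = []
    for key, value in parse_dotenv(text).items():
        if not SUSPECT_KEY.match(key):
            continue
        target = Path(value)
        if not target.is_absolute():
            target = root / target  # .env paths are taken relative to the clone
        target = target.resolve()
        inside_repo = target == root or root in target.parents
        findings.append({
            "key": key,
            "value": value,
            "resolved": str(target),
            "inside_repo": inside_repo,
            "risk": "high" if inside_repo else "review",
        })
    return findings


def audit_repo(repo_root: str | Path) -> list[dict]:
    """Audit <repo_root>/.env on disk; an absent file yields no findings."""
    dotenv = Path(repo_root) / ".env"
    if not dotenv.is_file():
        return []
    return audit_dotenv(dotenv.read_text(encoding="utf-8"), repo_root)


if __name__ == "__main__":
    # Runs against the constructed sample with an assumed clone location.
    for finding in audit_dotenv(SAMPLE_DOTENV, "/srv/clone"):
        print(f"[{finding['risk']}] {finding['key']}={finding['value']} "
              f"-> {finding['resolved']} (inside repo: {finding['inside_repo']})")
```

Run it on a real checkout with `audit_repo("/path/to/clone")` before invoking any command that reads the .env file; a non-empty result with `risk == "high"` is the signal to stop and read the referenced script. The relative-path case is the one that matters most, because a relative override is satisfied by files the repository author controls, whereas an absolute path outside the clone at least has to name something already present on the machine.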
