[{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-4946","assignerOrgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","state":"PUBLISHED","assignerShortName":"AHA","dateReserved":"2026-03-27T02:17:29.992Z","datePublished":"2026-03-29T19:35:30.692Z","dateUpdated":"2026-03-29T19:35:30.692Z","vulnId":"GCVE-1337-2026-00000000000000000000000000000000000000000000000001011111111111000111111110000000000000000000000000000000000000000000000000000000110","serial":1},"containers":{"cna":{"providerMetadata":{"orgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","shortName":"AHA","dateUpdated":"2026-03-29T19:35:30.692Z"},"title":"NSA Ghidra Auto-Analysis Annotation Command Execution","datePublic":"2026-03-29T18:37:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')","type":"CWE"}]}],"affected":[{"vendor":"NSA","product":"Ghidra","versions":[{"status":"affected","version":"0","lessThan":"12.0.3","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.","supportingMedia":[{"type":"text/html","base64":false,"value":"Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine."}]}],"references":[{"url":"https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000001011111111111000111111110000000000000000000000000000000000000000000000000000000110","tags":["third-party-advisory"]},{"url":"https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-mc3p-mq2p-xw6v","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}},{"other":{"type":"ssvc","content":{"options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CNA","version":"2.0.3"}}}],"credits":[{"lang":"en","value":"Mobasi Security Team","type":"finder"},{"lang":"en","value":"todb of AHA!","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.1"}}}},{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-1442","assignerOrgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","state":"PUBLISHED","assignerShortName":"AHA","dateReserved":"2026-01-26T13:26:13.580Z","datePublished":"2026-02-27T04:28:46.955Z","dateUpdated":"2026-02-27T04:29:31.442Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"UPK","vendor":"Unitree","versions":[{"lessThanOrEqual":"20260226v1","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Andreas Makris aka Bin4ry"},{"lang":"en","type":"coordinator","value":"todb"}],"datePublic":"2026-02-27T03:13:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge."}],"value":"Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitree’s current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment owner’s knowledge."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Exploit tooling is available at&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/Bin4ry/UniTEABag\">https://github.com/Bin4ry/UniTEABag</a><br><br>"}],"value":"Exploit tooling is available at  https://github.com/Bin4ry/UniTEABag"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"other":{"content":{"options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CNA","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-321","description":"CWE-321: Use of Hard-coded Cryptographic Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","shortName":"AHA","dateUpdated":"2026-02-27T04:29:31.442Z"},"references":[{"tags":["third-party-advisory"],"url":"http://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001111111111110101111111111000000000000000000000000000000000000000000000000000000101"},{"tags":["exploit"],"url":"https://github.com/Bin4ry/UniTEABag"},{"tags":["related"],"url":"https://www.linkedin.com/posts/kevin-finisterre-6431069a_in-case-you-want-to-teabag-unitree-robotics-activity-7432984361014091776-zB4D"},{"tags":["related"],"url":"https://x.com/bin4rydigit/status/2027197985625420242"}],"source":{"discovery":"UNKNOWN"},"title":"Unitree UPK files Hard-Coded Key","x_generator":{"engine":"Vulnogram 0.5.0"}}}},{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-35028","assignerOrgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","state":"PUBLISHED","assignerShortName":"AHA","dateReserved":"2025-04-15T20:41:31.524Z","datePublished":"2025-11-30T21:27:56.057Z","dateUpdated":"2025-11-30T21:27:56.057Z","vulnId":"GCVE-1337-2025-00000000000000000000000000000000000000000000000000111111111111111111111111000000000000000000000000000000000000000000000000000000011","serial":1},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["EnhancedCommandExecutor"],"product":"HexStrike AI","vendor":"0x4m4","versions":[{"status":"affected","version":"33267047667b9accfbf0fdac1c1c7ff12f3a5512","versionType":"commit-hash"}]}],"credits":[{"lang":"en","type":"finder","value":"jippen of AHA!"},{"lang":"en","type":"coordinator","value":"todb of AHA!"}],"datePublic":"2025-11-30T19:37:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There is no attempt to sanitize these arguments in the default configuration of this MCP server at the affected version (as of commit 2f3a5512 in September of 2025."}],"value":"By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There is no attempt to sanitize these arguments in the default configuration of this MCP server at the affected version (as of commit 2f3a5512 in September of 2025."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The original advisory contains two example working proofs-of-concept exploits (which disclose the running user and the local /etc/passwd file to the remote requestor)."}],"value":"The original advisory contains two example working proofs-of-concept exploits (which disclose the running user and the local /etc/passwd file to the remote requestor)."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","shortName":"AHA","dateUpdated":"2025-11-30T21:27:56.057Z"},"references":[{"tags":["third-party-advisory","technical-description","exploit"],"url":"https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000000111111111111111111111111000000000000000000000000000000000000000000000000000000011"}],"source":{"discovery":"EXTERNAL"},"title":"HexStrike AI MCP Server Command Injection","x_generator":{"engine":"Vulnogram 0.5.0"}}}},{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-35021","assignerOrgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","state":"PUBLISHED","assignerShortName":"AHA","dateReserved":"2025-04-15T20:40:32.308Z","datePublished":"2025-11-04T00:23:23.924Z","dateUpdated":"2025-11-04T00:23:23.924Z","vulnId":"GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111111111011111111110000000000000000000000000000000000000000000000000000000100","serial":1},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"CPX","vendor":"Abilis","versions":[{"lessThan":"9.0.7","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"HD Moore"},{"lang":"en","type":"reporter","value":"Tod Beardsley"},{"lang":"en","type":"coordinator","value":"AHA!"}],"datePublic":"2025-11-04T00:06:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections."}],"value":"By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1188","description":"CWE-1188 Insecure Default Initialization of Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","shortName":"AHA","dateUpdated":"2025-11-04T00:23:23.924Z"},"references":[{"tags":["technical-description"],"url":"https://takeonme.org/cves/cve-2025-35021/"},{"tags":["third-party-advisory"],"url":"https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111111111011111111110000000000000000000000000000000000000000000000000000000100"},{"tags":["vendor-advisory"],"url":"https://support.abilis.net/relnotes/cpx2k/R9.0.html#R9.0.7"}],"source":{"discovery":"UNKNOWN"},"title":"Abilis CPX Fallback Shell Connection Relay","x_generator":{"engine":"Vulnogram 0.5.0"}}}},{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-35027","assignerOrgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","state":"PUBLISHED","assignerShortName":"AHA","dateReserved":"2025-04-15T20:41:31.524Z","datePublished":"2025-09-26T06:53:49.585Z","dateUpdated":"2025-09-26T15:16:57.586Z","vulnId":"GCVE-1337-2025-00000000000000000000000000000000000000000000000001011011111110011111111110000000000000000000000000000000000000000000000000000000010","serial":1},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Go2","vendor":"Unitree","versions":[{"lessThanOrEqual":"1.1.7","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"G1","vendor":"Unitree","versions":[{"lessThanOrEqual":"1.6.0","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Andreas Makris"},{"lang":"en","type":"finder","value":"Kevin Finisterre"},{"lang":"en","type":"finder","value":"Konstantin Severov"},{"lang":"en","type":"coordinator","value":"todb"}],"datePublic":"2025-09-26T06:41:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script.&nbsp;All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches."}],"value":"Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A proof-of-concept has been published at the referenced UniPwn Github repo."}],"value":"A proof-of-concept has been published at the referenced UniPwn Github repo."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","shortName":"AHA","dateUpdated":"2025-09-26T15:16:57.586Z"},"references":[{"tags":["third-party-advisory"],"url":"https://takeonme.org/cves/cve-2025-35027"},{"tags":["technical-description"],"url":"https://github.com/Bin4ry/UniPwn"},{"tags":["media-coverage"],"url":"https://spectrum.ieee.org/unitree-robot-exploit"},{"tags":["government-resource"],"url":"https://x.com/committeeonccp/status/1971250635548033311"},{"tags":["related"],"url":"https://www.cve.org/cverecord?id=CVE-2025-60017"},{"tags":["related"],"url":"https://www.cve.org/cverecord?id=CVE-2025-60250"}],"source":{"discovery":"EXTERNAL"},"title":"Unitree Multiple Robotic Products Command Injection","x_generator":{"engine":"Vulnogram 0.2.0"}}}}]