
Evolver AI engine lets attackers run commands on your server

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-42076

An Evolver AI engine flaw lets attackers run any command on your server without logging in. This critical issue needs immediate attention due to its widespread impact and ease of exploitation.

Halo Surface Signal score for CVE-2026-42076: 4

Weakness class: OS Command Injection

External exposure likelihood: Likely

The vulnerability resides in an AI engine function that processes user-submitted input data. Because this engine is a core component for AI agents that typically operate on servers processing external data, it is commonly deployed as an internet-facing web application or API service designed to handle inputs from remote users.

Horizon Alert

Summary of the vulnerability and why it matters

This issue in Evolver, an AI engine, allows for the execution of arbitrary commands on a server. This is concerning because it could let someone take control of the system without needing any prior access.

  • Arbitrary code execution on server.
  • Potentially impacts all systems using the affected software.
  • Reachable over the network; no authentication needed.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can exploit this flaw by sending specially crafted input to the _extractLLM() function. This input would contain shell metacharacters, tricking the application into executing arbitrary commands on the server. The attacker could then achieve full control over the compromised system.

  • No authentication required.
  • Affects the Evolver _extractLLM() function.
  • Requires input with shell metacharacters.

Live Threat

Current exploitation, exposure, and threat context

This critical command injection vulnerability in Evolver's `_extractLLM()` function is a significant concern. Attackers are likely to target this as it allows for arbitrary shell command execution on the server without authentication. The ease of exploitation and high impact make it an attractive target for immediate weaponization.

  • Public exploit is not yet observed.
  • No KEV listing signal.
  • A patch is available, but unpatched deployments remain exploitable.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching the `Evolver` component to version 1.69.3 to address the critical command injection vulnerability. If immediate patching is not feasible, focus on isolating affected services or implementing strict input validation for the `_extractLLM()` function to prevent the execution of shell metacharacters.

  • Apply patch to version 1.69.3.
  • Isolate services or validate input data.
  • Monitor for unauthorized command execution.

Frequently asked questions

What is Evolver and its purpose?

Evolver is a GEP-powered self-evolving engine designed for AI agents. Its primary use is to analyze runtime logs and identify patterns, which then informs the generation of evolution directives for AI systems. It transforms ad hoc prompt modifications into structured, auditable evolution assets using the Genome Evolution Protocol (GEP), enabling AI agents to adapt and improve over time.

How does the CVE-2026-42076 vulnerability work?

CVE-2026-42076 is an OS command injection vulnerability (CWE-78) in Evolver's `_extractLLM()` function. This function constructs a curl command by concatenating user-controlled input from the `corpus` parameter. Since this input is not properly sanitized before being passed to `execSync()`, an attacker can inject shell metacharacters to execute arbitrary commands on the server.

What are the conditions for exploiting CVE-2026-42076?

An attacker can exploit CVE-2026-42076 by sending specially crafted input containing shell metacharacters to the `corpus` parameter of the `_extractLLM()` function. This attack requires no authentication and can be initiated remotely over the network, as the vulnerable function is exposed through external interfaces.

What is the risk associated with CVE-2026-42076, according to Halo Surface Signal?

Halo Surface Signal rates CVE-2026-42076 as having a 'Likely' risk. This assessment is based on the vulnerability residing in a core component of an AI engine that processes user input and is typically deployed as an internet-facing service, making it accessible for external threats.

How can CVE-2026-42076 be remediated?

The vulnerability CVE-2026-42076 has been patched in version 1.69.3 of Evolver. Organizations should prioritize updating to this version or a later one. If immediate patching is not feasible, implementing strict input validation for the `_extractLLM()` function to prevent shell metacharacter execution can serve as a temporary measure.
