Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-45792— RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM

AI Predicted 7.5 Difficulty: Easy EPSS 0.08% · P0

Possible ATT&CK Techniques 1AI

T1036 · Masquerading

Affected Version Matrix 1

VendorProductVersion RangeStatus
rtk-airtk< 0.32.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-45792

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
Source: NVD (National Vulnerability Database)
Vulnerability Description
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to apply regex-based modifications (e.g., strip_lines_matching) to shell command output before it is shown to the LLM, without any indication that the output has been modified. This allows attackers to selectively suppress or alter command output (including file contents, diffs, and security scan results) without detection, potentially concealing malicious code during AI-assisted development or review. This vulnerability is fixed in 0.32.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
rtk-airtk < 0.32.0 -

II. Public POCs for CVE-2026-45792

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-45792

登录查看更多情报信息。

Patches & Fixes for CVE-2026-45792 (2)

Vendor Advisories for CVE-2026-45792 (1)

Same Patch Batch · rtk-ai · 2026-06-23 · 3 CVEs total

CVE-2026-545557.8 HIGHrtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separators
CVE-2026-552496.3 MEDIUM@rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template Strin

IV. Related Vulnerabilities

V. Comments for CVE-2026-45792

No comments yet


Leave a comment