evolver — Vulnerabilities & Security Advisories 3

All 3 CVE vulnerabilities found in evolver, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-42077	Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations CWE-1321	5.2	Medium	2026-05-04
CVE-2026-42076	Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution CWE-78	9.8	Critical	2026-05-04
CVE-2026-42075	Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write CWE-22	8.1	High	2026-05-04

All 3 known CVE vulnerabilities affecting evolver with full Chinese analysis, references, and POCs where available.