All 3 CVE vulnerabilities found in rtk, with AI-generated Chinese analysis, references, and POCs.
Vendor: rtk-ai

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-54555 | rtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separators | CWE-863 | 7.8 | High | 2026-06-23 |
| CVE-2026-45792 | RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM | CWE-345 | - | - | 2026-06-23 |
| CVE-2026-55249 | @rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String | CWE-78 | 6.3 | Medium | 2026-06-23 |