We use cookies to improve your experience on our site.
AVID-2026-R0437
Description
Mistral Vibe CLI Shell Expansion Command Execution
Details
Shell expansion is not filtered when running commands, so it’s possible to run arbitrary OS commands through $() syntax.
References
Affected or Relevant Artifacts
- Developer: Mistral
- Deployer:
- Artifact Details:
| Type | Name |
|---|---|
| System | Vibe CLI |
Impact
- (none)
Other information
- Report Type: Advisory
- Credits: Piotr Ryciak, Mindgard
- Date Reported: 2026-01-02
- Version: 0.3.1
- AVID Entry