CVE-2026-45322
Microsoft's UFO framework, an open-source tool for automating tasks across devices, contains a command injection flaw in its shell execution component. An attacker with write access to UFO's session files can embed malicious system commands that execute with the privileges of the UFO process when a session is resumed or replayed. This creates a local privilege escalation risk in environments where session files may be accessible or shared.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-78
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-27 / 2026-06-17
NVD description (verbatim)
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.run_shell() passes a command string from action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe. The same shell-execution behavior is also reachable through ShellReceiver.execute_command(). The shell receiver is invoked by action classes such as RunShellCommand.execute() and ExecuteCommand.execute(), which forward stored action parameters to the shell receiver. Because UFO stores planned and executed actions in per-session JSON records, an attacker who can write or modify a session/action JSON file can plant a shell action. When the session is resumed or replayed, UFO executes the attacker's command as the UFO process user.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-45322 is an OS command injection vulnerability (CWE-78) in Microsoft UFO versions up to v3.0.0. The vulnerability exists in ShellReceiver.run_shell() and ShellReceiver.execute_command(), which pass action parameters directly to subprocess.Popen() with shell=True and executable=powershell.exe. Action classes including RunShellCommand.execute() and ExecuteCommand.execute() invoke the vulnerable shell receiver by forwarding stored action parameters. Because UFO persists planned and executed actions in per-session JSON files, an attacker who can modify these JSON records can inject arbitrary PowerShell commands. Upon session resumption or replay, UFO executes the injected command in the context of the UFO process user without sanitization or validation.
Business impact
This vulnerability enables local privilege escalation and unauthorized code execution on systems running UFO. The risk is elevated in multi-user or shared automation environments where session files may be accessible to lower-privileged users, or in scenarios where session data is transferred between systems. Compromised UFO sessions could lead to data exfiltration, lateral movement, system compromise, or disruption of critical automation workflows. Organizations using UFO in security-sensitive contexts should treat this as a priority remediation item.
Affected systems
Microsoft UFO open-source framework versions up to and including v3.0.0 are affected. The vulnerability is present in the shell action replay mechanism and affects any deployment that uses shell-based actions (RunShellCommand or ExecuteCommand) and stores session files on accessible storage. Systems where UFO is deployed with elevated privileges or in shared environments face the highest risk.
Exploitability
Exploitability requires local write access to UFO session JSON files. The attack vector is local (AV:L) and requires low privilege (PR:L) but no user interaction (UI:N). Once an attacker plants a malicious shell action in a session file, exploitation occurs automatically when that session is replayed—no additional steps or social engineering needed. The barrier to exploitation is moderate: an attacker must identify and gain write permissions to session storage, but the resulting command execution is reliable and direct.
Remediation
Upgrade Microsoft UFO to a version that addresses this vulnerability once available. As an interim measure, restrict write access to UFO session directories and files to authorized processes and users only. Implement file integrity monitoring on session storage to detect unauthorized modifications. Audit existing session files for suspicious shell commands. Consider isolating UFO processes with the principle of least privilege and running them in restricted service accounts. Review logs for evidence of unexpected session replays or shell command execution.
Patch guidance
Verify against the Microsoft UFO project repository and advisories for patched versions released after v3.0.0. Apply patches as soon as they become available. Before patching, ensure session files are backed up and isolated from untrusted users. After patching, perform a full test of session replay functionality to confirm the fix does not introduce regressions in automation workflows.
Detection guidance
Monitor UFO process creation and subprocess execution, particularly PowerShell invocations spawned by UFO. Audit UFO session JSON files for unexpected shell commands or suspicious command syntax (e.g., obfuscated PowerShell, Base64-encoded payloads, external command downloads). Log all modifications to session storage and correlate with UFO execution events. Watch for sessions being replayed outside normal automation schedules. Implement file integrity checks on session directories to alert on unauthorized changes.
Why prioritize this
HIGH severity (CVSS 7.8) due to high impact across confidentiality, integrity, and availability. Local attack vector and low privilege requirement make it feasible in multi-user systems. The automatic execution upon session replay means no sophisticated attacker skill is required. Organizations should prioritize patching, especially those using UFO for critical or privileged operations, or where session files may be shared or stored in less-protected locations.
Risk score, explained
CVSS 3.1 score of 7.8 reflects high impact (C:H, I:H, A:H) constrained by local-only attack vector (AV:L) and requirement for low privilege (PR:L). The lack of user interaction (UI:N) and unchanged scope (S:U) distinguish this from lower-scoring injection flaws. The score appropriately reflects that while exploitation requires local access, the consequences for affected systems are severe.
Frequently asked questions
Does this vulnerability require the attacker to execute UFO directly, or can they plant commands beforehand?
Attackers do not need to execute UFO themselves. They only need write access to modify a session JSON file. When an authorized user or automated process resumes that session, the injected command executes automatically—making this a persistent, deferred-execution attack.
What is the scope of impact if UFO is running with administrative or elevated privileges?
If UFO runs as an administrator or service account with high privileges, an attacker's injected commands inherit those privileges. This could lead to full system compromise, data theft, or lateral movement to other systems. This scenario elevates the practical severity beyond the CVSS score.
Can this vulnerability be exploited remotely if session files are stored in a cloud or network location?
The CVE-listed attack vector is local (AV:L), which typically means direct local filesystem access is required. However, if session files are stored on network-accessible shares (SMB, NFS, etc.) without proper access controls, a remote attacker with network access to those shares could modify files remotely, creating a hybrid threat model. Verify your session storage architecture and access controls.
Are older versions of UFO also affected, or only v3.0.0?
The vulnerability exists in all versions up to and including v3.0.0. Older versions are affected. Verify the exact range of vulnerable versions against Microsoft's official advisory, but assume you must upgrade any UFO deployment currently running v3.0.0 or earlier.
This analysis is based on publicly available vulnerability data current as of the publication date. CVSS scores and severity ratings are provided by the National Vulnerability Database and reflect standard scoring methodologies; actual risk in your environment may differ based on your specific deployment, data sensitivity, and compensating controls. Verify patch availability and version numbers directly against Microsoft's official UFO project advisories and release notes before deploying patches. This document does not constitute security advice for your organization; consult your security team and conduct internal testing before making remediation decisions. References to proof-of-concept code or exploitation techniques are for educational context only and should not be used for unauthorized access. Source: NVD (public-domain), retrieved 2026-07-06. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Browse
Related vulnerabilities
- CVE-2025-41265HIGH
CVE-2025-41265: Waterfall WF-500 TX Host OS Command Injection (CVSS 7.2)
- CVE-2025-41266HIGH
CVE-2025-41266: Waterfall WF-500 TX Host Command Injection Vulnerability Analysis
- CVE-2025-41267HIGH
CVE-2025-41267: Waterfall WF-500 TX Host Command Injection Vulnerability
- CVE-2025-41279HIGH
CVE-2025-41279: OS Command Injection in Waterfall WF-500 RX Host Administration WebUI
- CVE-2025-41281HIGH
CVE-2025-41281: Waterfall WF-500 OS Command Injection | HIGH Severity
- CVE-2025-69755HIGH
CVE-2025-69755: Neterbit NW-431F Router RCE and Data Exposure Vulnerability
- CVE-2026-10214HIGH
CVE-2026-10214: Command Injection in chatgpt-on-wechat Bash Tool
- CVE-2026-10219HIGH
CVE-2026-10219: GoClaw Command Injection Vulnerability | Remote Code Execution