CVE-2026-54051

CVE-2026-54051: network-ai npm Package OS Command Injection

Execution Persistence Privilege Escalation Last updated:

Detects exploitation of CVE-2026-54051, a critical OS command injection vulnerability (CWE-78) in the npm package 'network-ai' versions prior to 5.9.1. Improper neutralization of special elements allows attackers to inject arbitrary OS commands through the package's API, potentially leading to full system compromise. A public PoC is available.

Vulnerability Intelligence

Public PoC

Affected Software

Vendor
npm
Product
network-ai
Versions
< 5.9.1

Weakness (CWE)

CWE-78

Timeline

Disclosed
June 19, 2026

CVSS

9.9
Critical (9.0–10)
Read the write-up →

What is CVE-2026-54051 CVE-2026-54051: network-ai npm Package OS Command Injection?

CVE-2026-54051: network-ai npm Package OS Command Injection (CVE-2026-54051) maps to the Execution and Persistence and Privilege Escalation tactics — the adversary is trying to run malicious code in MITRE ATT&CK.

This page provides production-ready detection logic for CVE-2026-54051: network-ai npm Package OS Command Injection, covering the data sources and telemetry it touches: Microsoft Defender for Endpoint, Microsoft Sentinel DeviceProcessEvents. The queries below are rated critical severity at medium confidence, and ship for 7 SIEM platforms — KQL, SPL, Elastic, QRadar, Sumo, YARA-L, LogScale.

MITRE ATT&CK

Tactic
Execution Persistence Privilege Escalation
Microsoft Sentinel / Defender
kusto 
let SuspiciousProcesses = dynamic(['cmd.exe', 'powershell.exe', 'sh', 'bash', 'dash', 'zsh', 'ksh']);
let CommandInjectionPatterns = dynamic([';', '&&', '||', '`', '$(',  '|', '>', '<', '%0a', '%0d']);
DeviceProcessEvents
| where TimeGenerated >= ago(24h)
| where InitiatingProcessFileName =~ 'node.exe' or InitiatingProcessCommandLine has 'network-ai'
| where FileName in~ (SuspiciousProcesses)
| where ProcessCommandLine has_any (CommandInjectionPatterns)
| project TimeGenerated, DeviceId, DeviceName, AccountName, InitiatingProcessFileName, InitiatingProcessCommandLine, FileName, ProcessCommandLine, FolderPath
| extend RiskScore = case(
    ProcessCommandLine has_any (dynamic(['wget', 'curl', 'nc', 'ncat', 'python', 'perl', 'ruby'])), 'Critical',
    ProcessCommandLine has_any (dynamic(['/etc/passwd', '/etc/shadow', 'whoami', 'id', 'net user'])), 'High',
    'Medium'
  )
| order by TimeGenerated desc

Detects child processes spawned by Node.js that match OS command injection patterns associated with CVE-2026-54051 exploitation of the network-ai npm package.

critical severity medium confidence

Data Sources

Microsoft Defender for Endpoint Microsoft Sentinel DeviceProcessEvents

Required Tables

DeviceProcessEvents

False Positives

  • Legitimate Node.js scripts that invoke shell commands for system administration
  • CI/CD pipelines running node-based build scripts with shell exec calls
  • Security tooling or monitoring agents built on Node.js that call system commands
  • Developer workstations running network diagnostics tools built on network-ai

Sigma rule & cross-platform mapping

The detection logic for CVE-2026-54051: network-ai npm Package OS Command Injection (CVE-2026-54051) above is provided in a vendor-neutral form so you can deploy it on any SIEM. The same logic is shipped here as native KQL (Microsoft Sentinel / Defender), SPL (Splunk), Elastic (Elastic Security (EQL)), QRadar (IBM QRadar (AQL)), Sumo (Sumo Logic CSE), YARA-L (Google Chronicle / SecOps), LogScale (CrowdStrike LogScale (CQL)) queries. In Sigma terms, this detection targets the following logsource: 

logsource:
  category: process_creation
  product: windows

Browse the community-maintained Sigma rules for this technique:

SigmaHQ rules for CVE-2026-54051 Sigma rules on detection.fyi

Platform-specific guides for CVE-2026-54051

Detect in Microsoft Sentinel (KQL) Detect in Splunk (SPL) Detect in Elastic Security (Elastic) Detect in IBM QRadar (QRadar) Detect in Sumo Logic CSE (Sumo) Detect in Google Chronicle (YARA-L) Detect in CrowdStrike LogScale (LogScale)
Last updated: 2026-06-21 Research depth: standard
References (2)

Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1CVE-2026-54051 Basic Command Injection via network-ai

    Expected signal: Process creation event: node spawns sh or bash child process with command line containing 'whoami'; file creation event for /tmp/cve_2026_54051_poc.txt

  2. Test 2CVE-2026-54051 Reverse Shell Injection Simulation

    Expected signal: Process creation: node → bash with command containing /dev/tcp; network connection event from bash process to 127.0.0.1:4444

  3. Test 3CVE-2026-54051 Persistence via Cron Injection

    Expected signal: Process creation: node → sh → crontab with new entry; crontab file modification event; subsequent periodic execution of /tmp/beacon.sh if not cleaned up

  4. Test 4CVE-2026-54051 Credential Harvesting via /etc/passwd Read

    Expected signal: Process creation: node → sh with 'cat /etc/passwd' in command line; file read event on /etc/passwd by shell child process of Node.js; file creation of /tmp/passwd_exfil.txt

Unlock Pro Content

Get the full detection package for CVE-2026-54051 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0002ExecutionTA0003PersistenceTA0004Privilege Escalation

Related Techniques

T1059Command and Scripting InterpreterT1190Exploit Public-Facing ApplicationT1548Abuse Elevation Control Mechanism

Same Tactic: Execution

Popular Detections