This release includes 3 security fixes for security teams reviewing exposed deployments.
ReleasePort's take
Moderate signal. This patch fixes insecure temporary file path handling in AuthGuardian and adds FILE_EXPORT to the resources that require --confirm-high-risk; a third change makes ensure_data_dir() respect NETWORK_AI_ENV. The two security items are rated Critical and High respectively in the table below; no CVE has been assigned to either.
Why it matters: the temp-path finding (CodeQL #174, CWE-377) concerns a caller-supplied path that AuthGuardian wrote to without normalising it, and the FILE_EXPORT gap meant file export requests could be granted without the acknowledgment step the project's own security policy promised. After upgrading, callers that request FILE_EXPORT must pass --confirm-high-risk to receive an advisory grant.
Summary
AI summary: Updates scripts/check_permission.py and lib/auth-guardian.ts, plus a dependency constraint correction, in a mixed security and maintenance release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical | Fixes insecure temporary file path handling in AuthGuardian (lib/auth-guardian.ts). | — |
| Security | High | Adds FILE_EXPORT to HIGH_RISK_RESOURCES, requiring --confirm-high-risk (scripts/check_permission.py). | — |
| Dependency | Medium | Corrects @types/node constraint from ^25.10.0 to ^25.0.0, fixing CI ETARGET failures. | — |
| Bugfix | Medium | Corrects ensure_data_dir() to respect NETWORK_AI_ENV for env-scoped data directories (scripts/check_permission.py). | — |
Full changelog
Security Patch Release
v5.10.1 resolves three security findings identified by CodeQL and SkillSpector.
CodeQL #174 — CWE-377 Insecure Temporary File Path (lib/auth-guardian.ts)
AuthGuardian stored rustConfigPath as-is from the caller. The test suite supplies os.tmpdir()-derived paths, which CodeQL flagged as an insecure-temporary-file taint flow into writeFile(). The constructor now calls path.resolve() on the supplied path, which CodeQL treats as breaking the taint chain; this is the same pattern used to resolve #65–#68 in v3.4.1. Note that path.resolve() only normalises the string into an absolute path: it does not check where the path points or change the permissions of the directory it lands in, so the change addresses the flagged data flow rather than hardening temporary-file creation itself.
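The normalisation step above, as an added example that is not the project's code: AuthGuardian's fix is in TypeScript and consists of path.resolve() alone, whereas this Python version goes one step further and confines the resolved path to an allow-listed set of roots, which is the check a reviewer would want once a caller-supplied path reaches a write. The function names, the config root and the use of the OS temp directory as a second root are assumptions.

```python
import os
import tempfile

# Added example (not the project's code). os.path.realpath() stands in for
# Node's path.resolve(): both yield an absolute, normalised path, but
# realpath() also follows symlinks. The containment check is an addition
# beyond the fix described on the page.


def resolve_config_path(supplied: str, allowed_roots) -> str:
    """Normalise a caller-supplied config path and confine it to allowed roots.

    Raises ValueError if the normalised path escapes every allowed root, which
    a bare path.resolve()/realpath() call would silently permit.
    """
    resolved = os.path.realpath(supplied)
    for root in allowed_roots:
        root_real = os.path.realpath(root)
        # commonpath() is segment-aware: "/etc/app" does not match "/etc/application".
        if os.path.commonpath([resolved, root_real]) == root_real:
            return resolved
    raise ValueError(f"config path {supplied!r} resolves outside the allowed roots")


def is_confined(supplied: str, allowed_roots) -> bool:
    """Boolean wrapper for callers that just want a yes/no answer."""
    try:
        resolve_config_path(supplied, allowed_roots)
        return True
    except ValueError:
        return False


def relative_to_root(supplied: str, root: str) -> str:
    """The resolved path expressed relative to its root (platform-independent)."""
    resolved = resolve_config_path(supplied, [root])
    return os.path.relpath(resolved, os.path.realpath(root))


def default_roots():
    """Assumed allow-list: the app's config dir plus the OS temp dir the tests use."""
    return ["/etc/network-ai", tempfile.gettempdir()]


def tmp_config_example() -> bool:
    """Mirror the test-suite case: an os.tmpdir()-style path under the temp root."""
    return is_confined(os.path.join(tempfile.gettempdir(), "rust.toml"), default_roots())


if __name__ == "__main__":
    roots = default_roots()
    for candidate in ["/etc/network-ai/../network-ai/rust.toml",
                      os.path.join(tempfile.gettempdir(), "rust.toml"),
                      "/etc/network-ai/../../root/.ssh/config"]:
        print(candidate, "->", is_confined(candidate, roots))
```

The traversal candidate in the usage block normalises cleanly under path.resolve() or realpath(), which is exactly why normalisation alone is a taint-breaker for the scanner rather than a security boundary; the containment check is what actually rejects it.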
SkillSpector Intent-Code Divergence — FILE_EXPORT missing from HIGH_RISK_RESOURCES (scripts/check_permission.py)
The inline comment and SKILL.md security policy both stated that FILE_EXPORT requires --confirm-high-risk, but HIGH_RISK_RESOURCES only contained PAYMENTS and DATABASE. File export requests could receive advisory grants without the extra acknowledgment step. FILE_EXPORT is now included in the set.
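A minimal model of that gate, added here as an example rather than the project's code: the set before and after the fix, the advisory-grant decision that depends on it, and a consistency check that compares the set against the policy text so the intent/code divergence SkillSpector reported would fail a test instead of shipping. The policy sentence, the Decision type and the function names are constructed assumptions; the real SKILL.md wording is not on this page.

```python
import re
from dataclasses import dataclass

# Added example (not the project's code). Only the set contents and the flag
# name come from the release notes; everything else is illustrative.

# Before v5.10.1: FILE_EXPORT was documented as high-risk but not gated.
HIGH_RISK_RESOURCES_BEFORE = frozenset({"PAYMENTS", "DATABASE"})
# After v5.10.1: FILE_EXPORT is included.
HIGH_RISK_RESOURCES = frozenset({"PAYMENTS", "DATABASE", "FILE_EXPORT"})

# Constructed stand-in for the SKILL.md security policy paragraph.
SKILL_MD_POLICY = """
## Security policy
Requests for PAYMENTS, DATABASE or FILE_EXPORT require --confirm-high-risk.
"""


@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str


def check_permission(resource: str, confirm_high_risk: bool = False,
                     high_risk=HIGH_RISK_RESOURCES) -> Decision:
    """Advisory grant decision: high-risk resources need the explicit flag."""
    resource = resource.upper()
    if resource in high_risk and not confirm_high_risk:
        return Decision(False, f"{resource} is high-risk; re-run with --confirm-high-risk")
    return Decision(True, f"{resource} granted")


def high_risk_from_policy(policy_text: str) -> frozenset:
    """Extract the resource names the policy text says need --confirm-high-risk."""
    match = re.search(r"Requests for (.+?) require --confirm-high-risk", policy_text)
    if not match:
        return frozenset()
    return frozenset(re.findall(r"[A-Z_]+", match.group(1)))


def policy_divergence(policy_text: str, high_risk) -> frozenset:
    """Resources the policy names as high-risk that the code does not gate."""
    return high_risk_from_policy(policy_text) - high_risk


if __name__ == "__main__":
    print(check_permission("FILE_EXPORT", high_risk=HIGH_RISK_RESOURCES_BEFORE))
    print(check_permission("FILE_EXPORT"))
    print("divergence before fix:", sorted(policy_divergence(SKILL_MD_POLICY, HIGH_RISK_RESOURCES_BEFORE)))
    print("divergence after fix:", sorted(policy_divergence(SKILL_MD_POLICY, HIGH_RISK_RESOURCES)))
```

Running policy_divergence() in CI against the real SKILL.md is the cheap way to keep the documented policy and HIGH_RISK_RESOURCES from drifting apart again.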
SkillSpector Description-Behavior Mismatch — ensure_data_dir() ignoring env scope (scripts/check_permission.py)
ensure_data_dir() always created the fixed top-level data/ directory, ignoring NETWORK_AI_ENV. In a multi-environment deployment this caused audit log and grant files to be written to the wrong location when env-scoped paths were active, potentially mixing dev/test/prod state. The function now delegates to _resolve_data_dir() for correct env-scoped behavior.
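The env-scoped resolution described above, as an added example that is not the project's code: the pre-fix function that always returns the top-level data/ directory next to the fixed one that delegates to a resolver honouring NETWORK_AI_ENV. The data/<env>/ layout, the set of accepted environment names and the public name resolve_data_dir (the project's helper is _resolve_data_dir) are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Added example (not the project's code). Layout and environment names are
# assumptions; only the env variable name and the delegation come from the notes.

VALID_ENVS = frozenset({"dev", "test", "prod"})


def is_valid_env(env: str) -> bool:
    """Accept only known environment names, so '../prod' cannot become a path."""
    return env in VALID_ENVS


def resolve_data_dir(base: str = "data", env=None) -> Path:
    """Return the data directory for the active environment.

    env=None means 'read NETWORK_AI_ENV'; an empty value means unscoped data/.
    """
    if env is None:
        env = os.environ.get("NETWORK_AI_ENV", "")
    env = env.strip().lower()
    if not env:
        return Path(base)
    if not is_valid_env(env):
        raise ValueError(f"unsupported NETWORK_AI_ENV value: {env!r}")
    return Path(base) / env


def ensure_data_dir_before_fix(base: str = "data") -> Path:
    """Pre-v5.10.1 behaviour: always the top-level data/, env scope ignored."""
    path = Path(base)
    path.mkdir(parents=True, exist_ok=True)
    return path


def ensure_data_dir(base: str = "data", env=None) -> Path:
    """v5.10.1 behaviour: delegate to the resolver, then create the directory."""
    path = resolve_data_dir(base, env)
    path.mkdir(parents=True, exist_ok=True)
    return path


def audit_log_path(base: str = "data", env=None) -> Path:
    """Where the audit log lands; with scoping, prod and dev no longer share it."""
    return ensure_data_dir(base, env) / "audit.log"


def demo() -> tuple:
    """Create both layouts under a throwaway directory and return relative paths."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "data")
        before = ensure_data_dir_before_fix(base)       # env would be ignored here
        after = audit_log_path(base, env="prod")
        return (before.relative_to(tmp).as_posix(), after.relative_to(tmp).as_posix())


if __name__ == "__main__":
    print(demo())  # ('data', 'data/prod/audit.log')
```

Rejecting unknown environment names is the extra check worth keeping: once the env value becomes a path component, a permissive resolver would let a stray NETWORK_AI_ENV relocate the audit log and grant files outside data/.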
Also in this patch
- @types/node constraint corrected from ^25.10.0 (non-existent) to ^25.0.0; fixes the CI ETARGET failure on npm ci (introduced in v5.10.0).
- SKILL.md scan findings table updated with both SkillSpector resolved entries.
Full changelog: see CHANGELOG.md.
Security Fixes
- CVE‑2025‑XXXXX — AuthGuardian (lib/auth-guardian.ts): resolved insecure temporary file path by calling path.resolve() on rustConfigPath, breaking the taint flow.
- SkillSpector fix — FILE_EXPORT added to HIGH_RISK_RESOURCES in scripts/check_permission.py, so it now requires --confirm-high-risk.
- SkillSpector fix — ensure_data_dir() now delegates to _resolve_data_dir() to respect the NETWORK_AI_ENV scope.
About Jovancoding/Network-AI
Multi-agent orchestration MCP server with race-condition-safe shared blackboard. 20+ MCP tools: blackboard read/write, agent spawn/stop, FSM transitions, budget tracking, token management, and audit log query. `npx network-ai-server --port 3001`.