Wanaku ExecClient Exposes Critical Command Injection Flaw in Tool Service
A critical command injection vulnerability has been identified within the Wanaku AI platform's ExecClient component, allowing attackers to execute arbitrary system commands. The flaw resides in how the service processes tool invocation requests, treating user-supplied URIs as direct file paths and executing them without any validation or sandboxing. This creates a direct pathway for unauthenticated remote code execution on the host server, posing a severe security risk to any deployment using the vulnerable tool service.
The vulnerability is located in the `ExecClient.java` file within the `wanaku-tool-service-exec` module. The `exchange` method directly takes the `uri` field from a `ToolInvokeRequest`, converts it to a `File` object, and then splits its absolute path by spaces to form the command arguments for `ProcessRunner.runWithOutput()`. There is no input sanitization, command allowlisting, or execution environment isolation. An attacker can craft a malicious request where the URI contains shell metacharacters or paths to system binaries, leading to full command execution under the service's privileges.
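The following added example (not Wanaku's code) contrasts the pattern described above with an allowlist-based alternative: the URI is treated only as a lookup key into operator-configured executables, so no caller-supplied path or argument ever reaches the process table. The `ToolInvokeRequest` record, the tool map and `ProcessBuilder` (standing in for `ProcessRunner.runWithOutput()`) are assumptions for a stand-alone Java 16+ program.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.util.List;
import java.util.Map;

public class ExecClientHardening {
    // Constructed stand-in for Wanaku's ToolInvokeRequest: only the uri field matters here.
    record ToolInvokeRequest(String uri) {}

    // The vulnerable pattern from the advisory: the request URI becomes a File, its
    // absolute path is split on spaces, and the pieces become the command line.
    static List<String> vulnerableCommand(ToolInvokeRequest request) {
        java.io.File file = new java.io.File(request.uri());
        return List.of(file.getAbsolutePath().split(" "));
    }

    // Hardened variant (an assumption, not Wanaku's fix): the URI is only a key into an
    // operator-controlled allowlist of tool names mapped to fixed executables. Callers
    // never supply a path or arguments, so nothing they send is executed verbatim.
    static final Map<String, Path> ALLOWED_TOOLS = Map.of(
            "echo", Path.of("/bin/echo"),
            "date", Path.of("/bin/date"));

    static List<String> hardenedCommand(ToolInvokeRequest request) {
        String name = request.uri();
        if (name == null || !name.matches("[a-z0-9_-]{1,32}")) {
            throw new IllegalArgumentException("tool name contains disallowed characters");
        }
        Path executable = ALLOWED_TOOLS.get(name);
        if (executable == null) {
            throw new IllegalArgumentException("tool is not allowlisted: " + name);
        }
        return List.of(executable.toString());
    }

    // Argument vector handed to ProcessBuilder directly; no shell is ever involved.
    static String run(List<String> command) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(command).redirectErrorStream(true).start();
        String out = new String(p.getInputStream().readAllBytes());
        p.waitFor();
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed hostile request: the vulnerable path turns it into ["/bin/echo", "pwned"].
        ToolInvokeRequest hostile = new ToolInvokeRequest("/bin/echo pwned");
        System.out.println("vulnerable argv: " + vulnerableCommand(hostile));
        try { hardenedCommand(hostile); }
        catch (IllegalArgumentException e) { System.out.println("hardened rejects: " + e.getMessage()); }
        System.out.print("allowlisted tool output: " + run(hardenedCommand(new ToolInvokeRequest("date"))));
    }
}
```

The vulnerable variant only computes the argument vector and is never executed; the hardened one rejects the hostile URI before any process is started.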
This security failure exposes underlying servers to complete compromise. The lack of basic security hygiene in a core component responsible for executing external tools indicates a significant oversight in Wanaku's development lifecycle. Organizations using this service must patch immediately or implement strict network-level controls to prevent exploitation. The issue highlights the persistent risks in AI/ML toolchain infrastructure where powerful execution capabilities are exposed without corresponding security guardrails.