Submit a merge request that closes this issue to earn points on merge — bounties stack on the standard +40 merge_pr award. New to the repo? See the Contributing guide, and Local Development & SSO to run the app locally (cp .dev.vars.example .dev.vars && pnpm dev, after rebasing on main) and fully test your change before opening the MR.

Description

Any path that lets an attacker execute arbitrary code or shell commands on a worker, container, or host. Highest priority class.

Likely surfaces

  • signal-bot: command parsing, file-search → S3 presigned URL generation, integration callbacks (Outline, PeerTube), !ai/!summarize LLM prompts that reach eval-like sinks, signal-cli wrappers, child_process.spawn calls
  • task-exchange: webhook → task automation
  • search-mcp / bcw-mcp: MCP tool argument parsing
  • uxs-portal: MuJoCo physics WS endpoint, FastAPI eval paths
  • selfhost services that exec user input

Examples that would qualify

  • A bot command argument that reaches child_process.exec unsanitized
  • A worker-side template that interpolates user input into eval() or Function()
  • A docker-compose or shell script in selfhost/ that does bash -c "$USER_INPUT"
  • Container escape via shared volume or sock

--- *This is NOT a normal bounty. Do not post a public PoC or a public PR demonstrating the vulnerability. Submit findings via the bug-report form at https://score.irregulars.io/contribute#report-bug, or email security@irregularchat.com, or DM an admin on Signal. Awards are admin-determined based on impact: low=50 / medium=150 / high=300 / critical=500 / rce=750.*

Relevant files

No relevant files linked yet.

Hints

No hints yet.

Activity

No points have been awarded for this bounty yet.

Comments

No comments yet. Be the first to weigh in.

↑ Top