GHSA-wg5p-8h9p-3mr7: agent-coderag: Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution
agent-coderag unconditionally executes a repository-controlled gradlew script during its default sync dependency-discovery flow. An attacker who can induce a victim to index a malicious Gradle repository (one containing build.gradle and a crafted gradlew) achieves arbitrary code execution with the victim’s OS privileges. No authentication, no extra flags, and no elevated permissions are required; the attack fires on the default agent-coderag sync <path> invocation.
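As an added example (not code from agent-coderag), the following shows how dependency discovery for a Gradle checkout can be done without executing anything the repository ships: the build file is read as text and a bundled gradlew is treated as untrusted input rather than run. The regular expression covers only the common single-line coordinate form and is an assumption of this example.

```python
import re
import tempfile
from pathlib import Path

# Matches single-line Gradle dependency declarations such as:
#   implementation 'org.example:lib:1.2.3'
#   testImplementation("junit:junit:4.13.2")
_DEP_RE = re.compile(
    r"^\s*(?:api|implementation|compileOnly|runtimeOnly|testImplementation|testRuntimeOnly)"
    r"\s*\(?\s*['\"]([\w.\-]+):([\w.\-]+):([\w.\-+]+)['\"]"
)


def discover_gradle_dependencies(repo_dir: str) -> list[tuple[str, str, str]]:
    """Statically list dependencies declared in build.gradle / build.gradle.kts.

    Nothing from the repository is executed: the wrapper script (gradlew) and
    its jar are repository-controlled, so discovery reads build files as text only.
    """
    repo = Path(repo_dir)
    found = []
    for build_file in ("build.gradle", "build.gradle.kts"):
        path = repo / build_file
        if not path.is_file():
            continue
        for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
            m = _DEP_RE.match(line)
            if m:
                found.append(m.groups())
    return found


def wrapper_is_untrusted(repo_dir: str) -> bool:
    """True when the checkout ships its own gradlew; discovery must not run it,
    because in a malicious repository that script is attacker-controlled."""
    return (Path(repo_dir) / "gradlew").exists()


def _demo() -> tuple[list, bool]:
    # Constructed sample repository (not real project data).
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "build.gradle").write_text(
            "plugins { id 'java' }\n"
            "dependencies {\n"
            "    implementation 'com.google.guava:guava:32.1.3-jre'\n"
            "    testImplementation(\"junit:junit:4.13.2\")\n"
            "}\n"
        )
        Path(tmp, "gradlew").write_text("#!/bin/sh\necho untrusted wrapper\n")
        return discover_gradle_dependencies(tmp), wrapper_is_untrusted(tmp)
```

A sync flow built this way yields the same coordinate list for the constructed sample while the shipped gradlew is never invoked; resolving transitive dependencies still requires a build, which should then run only with a wrapper the tool itself trusts.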