{"id":"PYSEC-2026-1682","summary":"MS SWIFT WEB-UI RCE Vulnerability","details":"**I. Detailed Description:** \n\nThis includes scenarios, screenshots, vulnerability reproduction methods. For account-related vulnerabilities, please provide test accounts. If the reproduction process is complex, you may record a video, upload it to Taopan, and attach the link.\n\n1. Install ms-swift\n   ```\n   pip install ms-swift -U\n   ```\n\n2. Start web-ui\n   ```\n   swift web-ui --lang en\n   ```\n\n3. After startup, access through browser at [http://localhost:7860/](http://localhost:7860/) to see the launched fine-tuning framework program\n\n4. Fill in necessary parameters\n   In the LLM Training interface, fill in required parameters including Model id, Dataset Code. The --output_dir can be filled arbitrarily as it will be modified later through packet capture\n\n5. Click Begin to start training. Capture packets and modify the parameter corresponding to --output_dir\n\n   You can see the concatenated command being executed in the terminal where web-ui was started\n\n6. Wait for the program to run (testing shows it requires at least 5 minutes), and you can observe the effect of command execution creating files\n\n**II. Vulnerability Proof (Write POC here):**\n```\n/tmp/xxx'; touch /tmp/inject_success_1; #\n```\n\n**III. Fix Solution:**\n1. The swift.ui.llm_train.llm_train.LLMTrain#train() method should not directly concatenate parameters with commands after receiving commands from the frontend\n2. The swift.ui.llm_train.llm_train.LLMTrain#train_local() method should not use os.system for execution, but should be changed to subprocess.run([cmd, arg1, arg2...]) format\n\n## Author\n\n* Discovered by: [TencentAISec](https://github.com/TencentAISec)\n* Contact: *[security@tencent.com](mailto:security@tencent.com)*","aliases":["CVE-2025-41419","GHSA-7c78-rm87-5673"],"modified":"2026-07-07T17:47:17.642006930Z","published":"2026-07-07T16:02:59.379580Z","references":[{"type":"WEB","url":"https://github.com/modelscope/ms-swift/security/advisories/GHSA-7c78-rm87-5673"},{"type":"WEB","url":"https://github.com/modelscope/ms-swift/commit/32f09e9b0a44f19d44210e2b5b47c58ab01740e1"},{"type":"PACKAGE","url":"https://github.com/modelscope/ms-swift"},{"type":"PACKAGE","url":"https://pypi.org/project/ms-swift"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-7c78-rm87-5673"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-41419"}],"affected":[{"package":{"name":"ms-swift","ecosystem":"PyPI","purl":"pkg:pypi/ms-swift"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.0"}]}],"versions":["1.0.0","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.6.0","1.6.1","1.6.2","1.6.3","1.7.0","1.7.1","1.7.2","1.7.3","2.0.0","2.0.1","2.0.2","2.0.3","2.0.3.post1","2.0.4","2.0.5","2.0.5.post1","2.1.0","2.1.1","2.1.1.post1","2.1.1.post2","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5","2.3.0","2.3.0.post1","2.3.1","2.3.2","2.3.2.post1","2.4.0","2.4.0.post1","2.4.1","2.4.2","2.4.2.post1","2.4.2.post2","2.5.0.post1","2.5.1","2.5.1.post1","2.5.2","2.5.2.post1","2.6.0","2.6.0.post1","2.6.0.post2","2.6.1","3.0.0","3.0.1","3.0.1.post1","3.0.2","3.0.2.post1","3.0.3","3.1.0","3.1.1","3.1.1.post1","3.2.0","3.2.0.post2","3.2.1","3.2.2","3.3.0","3.3.0.post1","3.3.1","3.4.0","3.4.1","3.4.1.post1","3.5.0","3.5.1","3.5.2","3.5.3","3.6.0","3.6.1","3.6.2","3.6.3","3.6.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ms-swift/PYSEC-2026-1682.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}]}