This security policy applies to all public projects under the khulnasoft organization on GitHub. We prioritize security and continuously work to safeguard our systems. However, vulnerabilities can still exist. If you identify a security issue, please report it to us so we can address it promptly.
- Fixes are released either as part of the next minor version (e.g., 1.3.0 → 1.4.0) or as an on-demand patch version (e.g., 1.3.0 → 1.3.1)
- Security fixes are given priority and might be enough to cause a new version to be released
We encourage responsible disclosure of security vulnerabilities. If you find something suspicious, we encourage and appreciate your report!
Use the "Report a vulnerability" button under the "Security" tab of the Primeagent GitHub repository. This creates a private communication channel between you and the maintainers.
- Provide clear details to help us reproduce and fix the issue quickly
- Include steps to reproduce, potential impact, and any suggested fixes
- Your report will be kept confidential, and your details will not be shared without your consent
- We will acknowledge your report within 5 business days
- We will provide an estimated resolution timeline
- We will keep you updated on our progress
- Do not publicly disclose vulnerabilities until we have assessed, resolved, and notified affected users
- If you plan to present your research (e.g., at a conference or in a blog), share a draft with us at least 30 days in advance for review
- Avoid including:
  - Data from any Primeagent customer projects
  - Primeagent user/customer information
  - Details about Primeagent employees, contractors, or partners
We appreciate your efforts in helping us maintain a secure platform and look forward to working together to resolve any issues responsibly.
Primeagent versions 1.6.0 through 1.6.3 have a critical bug where environment variables from .env files are not being read. This affects all deployments using environment variables for configuration, including security settings.
Potential security impact:
- Environment variables from .env files are not read.
- Security configurations like AUTO_LOGIN=false may not be applied, potentially allowing users to log in as the default superuser.
- Database credentials, API keys, and other sensitive configuration may not be loaded.
DO NOT upgrade to Primeagent versions 1.6.0 through 1.6.3 if you use .env files for configuration. Instead, upgrade to version 1.6.4, which includes a fix for this bug.
Fixed in: Primeagent >= 1.6.4
Primeagent allows users to define and run custom code components through endpoints like /api/v1/validate/code. In versions < 1.3.0, this endpoint did not enforce authentication or proper sandboxing, allowing unauthenticated arbitrary code execution.
This means an attacker could send malicious code to the endpoint and have it executed on the server, leading to full system compromise, including data theft, remote shell access, or lateral movement within the network.
CVE: CVE-2025-3248
Fixed in: Primeagent >= 1.3.0
A privilege escalation vulnerability exists in Primeagent containers where an authenticated user with RCE access can invoke the internal CLI command primeagent superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account.
CVE: CVE-2025-57760
Fixed in: Primeagent >= 1.5.1
No API key required if running Primeagent with PRIMEAGENT_AUTO_LOGIN=true and PRIMEAGENT_SKIP_AUTH_AUTO_LOGIN=true
In Primeagent versions earlier than 1.5, if PRIMEAGENT_AUTO_LOGIN=true, then Primeagent automatically logs users in as a superuser without requiring authentication. In this case, API requests don't require a Primeagent API key.
In Primeagent version 1.5, a Primeagent API key is required to authenticate requests.
Setting PRIMEAGENT_SKIP_AUTH_AUTO_LOGIN=true and PRIMEAGENT_AUTO_LOGIN=true skips authentication for API requests. However, the PRIMEAGENT_SKIP_AUTH_AUTO_LOGIN option will be removed in v1.6.
PRIMEAGENT_SKIP_AUTH_AUTO_LOGIN=true is the default behavior, so users do not need to change existing workflows in 1.5. To update your workflows to require authentication, set PRIMEAGENT_SKIP_AUTH_AUTO_LOGIN=false.
For more information, see API keys and authentication.
The primeagent superuser CLI command can present a privilege escalation risk if not properly secured.
- Authentication Required in Production
  - When PRIMEAGENT_AUTO_LOGIN=false, superuser creation requires authentication
  - Use the --auth-token parameter with a valid superuser API key or JWT token
- Disable CLI Superuser Creation
  - Set PRIMEAGENT_ENABLE_SUPERUSER_CLI=false to disable the command entirely
  - Strongly recommended for production environments
- Secure AUTO_LOGIN Setting
  - Default is true for <=1.5. This may change in a future release.
  - When true, creates the default superuser primeagent/primeagent. ONLY USE IN DEVELOPMENT.
```bash
# Recommended production settings
export PRIMEAGENT_AUTO_LOGIN=false
export PRIMEAGENT_ENABLE_SUPERUSER_CLI=false
export PRIMEAGENT_SUPERUSER="<your-superuser-username>"
export PRIMEAGENT_SUPERUSER_PASSWORD="<your-superuser-password>"
export PRIMEAGENT_DATABASE_URL="<your-production-database-url>" # e.g. "postgresql+psycopg://primeagent:secure_pass@db.internal:5432/primeagent"
export PRIMEAGENT_SECRET_KEY="your-strong-random-secret-key"
```
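As an added example (not the project's own tooling), a POSIX shell check that reads a Primeagent .env file and reports the settings this section and the auto-login section above warn about: auto-login, the superuser CLI, key-less API access, the default superuser password and the placeholder secret. The sample files it writes are constructed here, and mktemp, sed and tail are assumed to be available.

```shell
# Print the last assignment of variable $2 in dotenv file $1, with an
# optional "export " prefix and surrounding double quotes stripped.
env_value() {
    sed -n "s/^\(export \)\{0,1\}$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Report weak settings in a Primeagent .env file, one finding per line.
# Exit status is the number of findings (0 = hardened); the checks mirror
# the recommended production settings, and the placeholder secret is the
# literal value shown in that block.
check_primeagent_env() {
    f="$1"; n=0
    auto_login=$(env_value "$f" PRIMEAGENT_AUTO_LOGIN)
    if [ "$auto_login" != "false" ]; then
        echo "PRIMEAGENT_AUTO_LOGIN is not false (defaults to true on <=1.5): default superuser primeagent/primeagent is created"
        n=$((n + 1))
    fi
    if [ "$(env_value "$f" PRIMEAGENT_ENABLE_SUPERUSER_CLI)" != "false" ]; then
        echo "PRIMEAGENT_ENABLE_SUPERUSER_CLI is not false: the 'primeagent superuser' CLI command stays enabled"
        n=$((n + 1))
    fi
    if [ "$auto_login" != "false" ] && [ "$(env_value "$f" PRIMEAGENT_SKIP_AUTH_AUTO_LOGIN)" != "false" ]; then
        echo "PRIMEAGENT_SKIP_AUTH_AUTO_LOGIN is not false: API requests need no API key"
        n=$((n + 1))
    fi
    pw=$(env_value "$f" PRIMEAGENT_SUPERUSER_PASSWORD)
    if [ -z "$pw" ] || [ "$pw" = "primeagent" ]; then
        echo "PRIMEAGENT_SUPERUSER_PASSWORD is unset or the default 'primeagent'"
        n=$((n + 1))
    fi
    secret=$(env_value "$f" PRIMEAGENT_SECRET_KEY)
    if [ -z "$secret" ] || [ "$secret" = "your-strong-random-secret-key" ]; then
        echo "PRIMEAGENT_SECRET_KEY is unset or still the placeholder"
        n=$((n + 1))
    fi
    return $n
}

# Write a constructed sample .env (weak = development defaults described
# above, hardened = the recommended production settings) and print its path.
write_sample_env() {
    tmp=$(mktemp)
    if [ "$1" = weak ]; then
        printf '%s\n' PRIMEAGENT_AUTO_LOGIN=true PRIMEAGENT_SKIP_AUTH_AUTO_LOGIN=true \
            'PRIMEAGENT_SECRET_KEY="your-strong-random-secret-key"' >"$tmp"
    else
        printf 'export %s\n' PRIMEAGENT_AUTO_LOGIN=false PRIMEAGENT_ENABLE_SUPERUSER_CLI=false \
            'PRIMEAGENT_SUPERUSER_PASSWORD="constructed-sample-password"' \
            'PRIMEAGENT_SECRET_KEY="constructed-sample-secret"' >"$tmp"
    fi
    echo "$tmp"
}
```

The check only inspects the file's contents; on Primeagent 1.6.0 through 1.6.3 the running process does not read the .env file at all, so a hardened file on those versions still leaves the defaults in effect.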