CVE-2026-5532: Command Injection in ScrapeGraphAI 1.0.0-1.74.0
Platform
python
Component
scrapegraph-ai
Fixed in
1.10.0
CVE-2026-5532 is a command injection vulnerability discovered in ScrapeGraphAI versions 1.0.0 through 1.74.0. This flaw allows an attacker to execute arbitrary operating system commands on the server, potentially leading to complete system compromise. The vulnerability resides within the `create_sandbox_and_execute` function of the `GenerateCodeNode` component. A patch is available in version 1.10.0.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-5532?
CVE-2026-5532 is a command injection vulnerability affecting ScrapeGraphAI versions 1.0.0 through 1.74.0. It allows attackers to execute arbitrary OS commands remotely, potentially compromising the system.
Am I affected by CVE-2026-5532?
You are potentially affected if you are using ScrapeGraphAI versions 1.0.0 through 1.74.0. Check your installed version and upgrade immediately if vulnerable.
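One way to run that version check, as an added example that is not code from ScrapeGraphAI or from this advisory: it tests the installed copy and any `==` pins in a requirements list against the affected range stated above. The distribution names `scrapegraphai` and `scrapegraph-ai` are assumptions, and the sample requirement lines are constructed.

```python
import re
from importlib import metadata

AFFECTED_MIN, AFFECTED_MAX = (1, 0, 0), (1, 74, 0)  # range stated on this page, inclusive
NAMES = {"scrapegraphai", "scrapegraph-ai"}  # assumption: normalised names to look for

def normalize(name):
    """PEP 503 normalisation: runs of '-', '_' and '.' become one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """Leading numeric release as a 3-tuple; suffixes such as 'b1' are ignored."""
    m = re.match(r"\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def is_affected(version_text):
    v = parse_version(version_text)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def audit_requirements(lines):
    """Return (requirement, verdict) for each line that names the package."""
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)", line)
        if not m or normalize(m.group(1)) not in NAMES:
            continue
        pin = re.match(r"==\s*([^\s;,]+)", m.group(2))
        # A range specifier says nothing certain: check what actually got installed.
        verdict = ("unpinned" if pin is None else
                   "affected" if is_affected(pin.group(1)) else "outside range")
        findings.append((line, verdict))
    return findings

def installed_status():
    """(version, affected) for the copy installed in this environment, if any."""
    for name in sorted(NAMES):
        try:
            ver = metadata.version(name)
            return ver, is_affected(ver)
        except metadata.PackageNotFoundError:
            continue
    return None, False

# Constructed sample requirements, not taken from any real project.
SAMPLE = ["requests>=2.31", "scrapegraphai==1.50.0  # pinned",
          "ScrapeGraph-AI==1.75.0", "scrapegraphai>=1.0"]

if __name__ == "__main__":
    print("installed:", installed_status())
    print(audit_requirements(SAMPLE))
```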
How do I fix CVE-2026-5532?
Upgrade ScrapeGraphAI to version 1.10.0 or later to resolve this vulnerability. This update includes a fix for the command injection flaw.