CVE-2026-5532: Command Injection in ScrapeGraphAI 1.0.0-1.74.0
Platform: python
Component: scrapegraph-ai
Fixed in: 1.10.0
CVE-2026-5532 represents a command injection vulnerability discovered in ScrapeGraphAI, specifically within the GenerateCodeNode component's create_sandbox_and_execute function. Successful exploitation allows an attacker to execute arbitrary operating system commands, potentially leading to system compromise. This vulnerability affects versions 1.0.0 through 1.74.0 of ScrapeGraphAI, and a patch is available in version 1.10.0.
How to fix
Upgrade to version 1.10.0 or later to mitigate the operating system command injection vulnerability. Review the source code to identify and correct the root cause of the command injection. Implement robust validation and sanitization of user input to prevent future attacks.
Frequently asked questions
What is CVE-2026-5532?
CVE-2026-5532 is a command injection vulnerability in ScrapeGraphAI versions 1.0.0 to 1.74.0. It allows attackers to execute arbitrary OS commands remotely.
Am I affected by CVE-2026-5532?
You are potentially affected if you are using ScrapeGraphAI versions 1.0.0 through 1.74.0. Check your version and update if necessary.
How do I fix CVE-2026-5532?
Upgrade to ScrapeGraphAI version 1.10.0 or later to address this vulnerability.
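The advisory names the vulnerable function (a sandbox runner for generated code) but not the root cause, so the defensive pattern below is an added illustration and not ScrapeGraphAI's own code: the untrusted code string is passed as a single argv element to a child interpreter, never through a shell, with a scrubbed environment, a scratch working directory and a timeout. Function and class names are hypothetical, and the -I flag only isolates the interpreter from PYTHON* variables and user site-packages; real isolation still needs a container or similar boundary.

```python
import os
import subprocess
import sys
import tempfile
from dataclasses import dataclass
from typing import Optional


@dataclass
class SandboxResult:
    returncode: Optional[int]  # None when the child was killed on timeout
    stdout: str
    stderr: str
    timed_out: bool


def run_untrusted_code(code: str, timeout: float = 5.0) -> SandboxResult:
    """Run `code` (e.g. LLM-generated Python) in a child interpreter.

    The code is one argv element and shell=False, so characters such as
    ';', '|' or '$(...)' inside it are data for Python, not operators for
    sh; Python reports a SyntaxError instead of a shell running them.
    """
    # -I: isolated mode (ignore PYTHON* env vars and the user site directory)
    argv = [sys.executable, "-I", "-c", code]
    # Hand the child only PATH; nothing else from the parent process leaks in.
    env = {"PATH": os.environ.get("PATH", "")}
    with tempfile.TemporaryDirectory() as workdir:
        try:
            proc = subprocess.run(
                argv,
                cwd=workdir,
                env=env,
                capture_output=True,
                text=True,
                timeout=timeout,
                shell=False,
                stdin=subprocess.DEVNULL,
            )
        except subprocess.TimeoutExpired:
            # subprocess.run already killed the child; partial output is dropped.
            return SandboxResult(None, "", "", True)
    return SandboxResult(proc.returncode, proc.stdout, proc.stderr, False)


if __name__ == "__main__":
    # Constructed input: shell metacharacters stay literal inside the string.
    print(run_untrusted_code('print("a;b|c $(x)")'))
```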