
CVE-2026-5532: Command Injection in ScrapeGraphAI 1.0.0-1.74.0

Platform

python

Component

scrapegraph-ai

Fixed in

1.10.0

CVE-2026-5532 is a command injection vulnerability in ScrapeGraphAI, located in the GenerateCodeNode component's create_sandbox_and_execute function. Successful exploitation lets an attacker execute arbitrary operating system commands on the host running the scraper, which can lead to full system compromise. The advisory lists versions 1.0.0 through 1.74.0 as affected and 1.10.0 as the fixed release. Note that 1.10.0 sorts before 1.74.0 under semantic versioning, so the stated fix version and the affected range are inconsistent with each other; confirm the patched release against the upstream advisory before relying on a version comparison alone.

How to fix

Upgrade to version 1.10.0 or later to mitigate the OS command injection vulnerability. Review the source code to identify and correct the root cause, making sure that user-controlled input is validated and escaped before it is used in operating system commands. Add further safeguards, such as an isolated execution environment, to limit the impact of the vulnerability if the input checks are bypassed.
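The advice above names two layers: vet what goes into the execution path, and run it somewhere a breach cannot reach the host. The block below is an added example, written for this page, not ScrapeGraphAI's own code and not a reproduction of its patch. It assumes (from the node's name) that the component runs model-generated extraction code, and it models that with a hypothetical `run_generated_code` helper that rejects obviously dangerous code with an AST scan, then runs the rest in a throwaway interpreter with an empty environment, a restricted import hook, a wall-clock timeout and POSIX resource limits. The sample snippets are constructed for the example.

```python
"""Run model-generated extraction code out of process, behind static and runtime guards.

Added example for the advisory's mitigation advice; not ScrapeGraphAI's code.
All function and snippet names are hypothetical.
"""
import ast
import json
import os
import subprocess
import sys
import tempfile

try:
    import resource  # POSIX only; caps the child's CPU time and address space
except ImportError:  # pragma: no cover
    resource = None

# Module roots and builtins that generated extraction code has no business using.
FORBIDDEN_MODULES = {"os", "subprocess", "sys", "shutil", "socket", "ctypes",
                     "importlib", "pathlib", "signal", "multiprocessing"}
FORBIDDEN_NAMES = {"eval", "exec", "open", "__import__", "compile", "getattr",
                   "setattr", "globals", "locals", "vars", "breakpoint"}


def static_check(code: str) -> list[str]:
    """Walk the AST and return policy violations; an empty list means clean."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return [f"syntax error at line {exc.lineno}: {exc.msg}"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            roots = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            roots = [(node.module or "").split(".")[0]]
        else:
            roots = []
        findings += [f"import of {r!r} at line {node.lineno}" for r in roots if r in FORBIDDEN_MODULES]
        if isinstance(node, ast.Name) and node.id in FORBIDDEN_NAMES:
            findings.append(f"use of {node.id!r} at line {node.lineno}")
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            findings.append(f"dunder attribute {node.attr!r} at line {node.lineno}")
    return findings


# Script run in the child. A restricted __builtins__ is not a security boundary on
# its own (dunder walks escape it); it is one layer beneath the process boundary,
# the rlimits and the AST check above.
RUNNER_SOURCE = r'''
import builtins, json, sys

ALLOWED_IMPORTS = {"json", "re", "html", "datetime"}

def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    if level != 0 or name.split(".")[0] not in ALLOWED_IMPORTS:
        raise ImportError("import of %r is not permitted" % name)
    return builtins.__import__(name, globals, locals, fromlist, level)

SAFE_BUILTINS = {n: getattr(builtins, n) for n in (
    "len", "str", "int", "float", "bool", "dict", "list", "tuple", "set", "range",
    "enumerate", "zip", "min", "max", "sum", "sorted", "isinstance",
    "ValueError", "KeyError", "IndexError", "Exception")}
SAFE_BUILTINS["__import__"] = guarded_import

try:
    payload = json.load(sys.stdin)
    namespace = {"__builtins__": SAFE_BUILTINS}
    exec(compile(payload["code"], "<generated>", "exec"), namespace)
    fn = namespace.get("extract_data")
    if not callable(fn):
        raise RuntimeError("generated code did not define extract_data")
    sys.stdout.write(json.dumps({"ok": True, "result": fn(payload["html"])}))
except BaseException as exc:
    sys.stdout.write(json.dumps({"ok": False, "error": "%s: %s" % (type(exc).__name__, exc)}))
'''


def _limit_resources():
    """Runs in the child before exec: cap CPU seconds and address space."""
    for limit, value in ((resource.RLIMIT_CPU, 2), (resource.RLIMIT_AS, 512 * 1024 * 1024)):
        _, hard = resource.getrlimit(limit)
        if hard != resource.RLIM_INFINITY:
            value = min(value, hard)
        resource.setrlimit(limit, (value, value))


def run_generated_code(code: str, html: str, timeout: float = 5.0) -> dict:
    """Vet `code`, then run it in a throwaway interpreter and return its verdict."""
    findings = static_check(code)
    if findings:
        return {"ok": False, "error": "static check rejected code: " + "; ".join(findings)}
    with tempfile.TemporaryDirectory() as workdir:
        runner = os.path.join(workdir, "runner.py")
        with open(runner, "w", encoding="utf-8") as fh:
            fh.write(RUNNER_SOURCE)
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-S", runner],  # -I ignores env and user site, -S skips site.py
                input=json.dumps({"code": code, "html": html}),
                capture_output=True, text=True, timeout=timeout, cwd=workdir,
                env={},  # no PATH and no secrets inherited from the scraper process
                preexec_fn=_limit_resources if resource else None,
            )
        except subprocess.TimeoutExpired:
            return {"ok": False, "error": f"timed out after {timeout}s"}
    try:
        return json.loads(proc.stdout)
    except json.JSONDecodeError:
        return {"ok": False, "error": "runner produced no result", "stderr": proc.stderr[-500:]}


# Constructed snippets standing in for model output; not taken from the advisory.
SAFE_SNIPPET = """
import json
def extract_data(html):
    title = html.split("<title>")[1].split("</title>")[0]
    return {"title": title}
"""
SHELL_SNIPPET = """
import os
def extract_data(html):
    return os.popen("id").read()
"""
RUNTIME_SNIPPET = """
def extract_data(html):
    import base64
    return base64.b64encode(html.encode()).decode()
"""
LOOP_SNIPPET = "def extract_data(html):\n    while True:\n        pass\n"

if __name__ == "__main__":
    page = "<html><title>Hi</title></html>"
    for name, snippet in (("safe", SAFE_SNIPPET), ("shell", SHELL_SNIPPET),
                          ("runtime", RUNTIME_SNIPPET), ("loop", LOOP_SNIPPET)):
        print(name, run_generated_code(snippet, page, timeout=1.0))
```

The four snippets exercise each layer: the shell one never runs because the AST scan sees `import os`; the base64 one passes the scan but is stopped by the import hook inside the child; the infinite loop is killed by the timeout; only the benign extractor returns a result. Treat this as defense in depth, not as a sandbox: for a service that must execute untrusted generated code, the child should additionally run in a container or seccomp profile with no network and no host filesystem.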

Frequently asked questions

What is CVE-2026-5532?

CVE-2026-5532 is a command injection vulnerability in ScrapeGraphAI versions 1.0.0 to 1.74.0, in the GenerateCodeNode component's create_sandbox_and_execute function. It allows attackers to execute arbitrary OS commands remotely on the host running ScrapeGraphAI.

Am I affected by CVE-2026-5532?

You are potentially affected if you are using ScrapeGraphAI versions 1.0.0 through 1.74.0. Check the installed version (for example with pip show scrapegraphai) and update if necessary.

How do I fix CVE-2026-5532?

Upgrade to ScrapeGraphAI version 1.10.0 or later, the fixed release listed by this advisory, and confirm against the upstream advisory that the release you install is at or above the actual patched version, since 1.10.0 precedes the 1.74.0 upper bound of the affected range.
