CVE-2026-4500

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions bagofwords1 versions prior to 0.0.298

Description A flaw exists in the generate df function within the backend/app/ai/code execution/code execution.py file. This allows for injection attacks that can be launched remotely. The exploit is publicly available.

Recommendations Upgrade to version 0.0.298 or later.

Exploit

Fix

Improper Neutralization

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-707CWE-74

Related Identifiers

CVE-2026-4500

Affected Products

Bagofwords1

CVE-2026-4500

Weakness Enumeration

Related Identifiers

Affected Products

References · 12