PT-2026-30403 · Unknown · Scrapegraph-Ai
Yu Bao · Published 2026-04-05 · Updated 2026-04-05 · CVE-2026-5532
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ScrapeGraphAI versions up to 1.74.0
Description
A flaw exists in the create_sandbox_and_execute function within the scrapegraphai/nodes/generate_code_node.py file of the GenerateCodeNode component. This can lead to operating system command injection, potentially allowing remote attackers to execute arbitrary commands. The exploit has been publicly disclosed.
Recommendations
Versions prior to 1.74.0 should be updated. As a temporary workaround, consider disabling the create_sandbox_and_execute function until a patch is available.
Exploit
Fix
OS Command Injection
Command Injection
Affected Products
Scrapegraph-Ai