PT-2026-30568 · Assafelovic · Gpt-Researcher
Yu_Bao · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-5625
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
assafelovic gpt-researcher versions up to 3.4.3
Description
A weakness exists in assafelovic gpt-researcher up to version 3.4.3, in the processing of the file gpt_researcher/skills/researcher.py within the WebSocket Interface component. Manipulating the task argument can lead to cross-site scripting (XSS). The attack can be launched remotely, and an exploit has been publicly released.
Recommendations
Update to a version beyond 3.4.3.
Exploit
Fix
Code Injection
XSS
Affected Products
Gpt-Researcher