PT-2026-38966 · Unknown+1 · Ai-Scanner+1

·

CVE-2026-41512

·

Published

2026-05-08

·

Updated

2026-05-17

CVSS v3.1

9.9

Critical

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions ai-scanner versions 1.0.0 through 1.4.0
Description Remote code execution is possible via JavaScript injection in the BrowserAutomation::PlaywrightService function. This software is an AI model safety scanner built on NVIDIA garak.
Recommendations Update to version 1.4.1.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-41512
GHSA-R27J-XXGX-F5VR

Affected Products

Ai-Scanner
Garak