CVE-2026-31233CRITICAL 9.8EPSS p45.6%

CVE-2026-31233CVE-2026-31233

Description

Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The script path is constructed from untrusted manifest data and executed without proper validation or sanitization, allowing remote code execution. An attacker who can publish malicious packages to the Hub can inject arbitrary code that will be executed on any system where a victim installs the malicious package.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.64% probability of exploitation · percentile 45.6% · 2026-06-18T12:00:27Z
Published2026-05-12
Last modified2026-05-14

Underlying weaknesses· 1

CWE-94

References

  1. https://github.com/guardrails-ai/guardrails
  2. https://www.notion.so/CVE-2026-31233-35d1e13931888142a954fb3f50ee0c94

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-45758
CVE
CVE-2026-40217
CVE
CVE-2026-7466
CVE
Langflow Code Injection Vulnerability
CVE
CVE-2026-21256
CVE
CVE-2026-0768
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.