CVE-2026-31231

CRITICAL

Cognee <=0.4.0 Notebook Cell Execution API - Remote Code Execution

Title source: manual

Description

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.

References (2)

Core 2

Core References

https://github.com/topoteretes/cognee

https://www.notion.so/CVE-2026-31231-35d1e13931888178a963ef9efeb29113

Scores

CVSS v3 9.8

EPSS 0.0063

EPSS Percentile 45.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Published May 12, 2026

Tracked Since May 12, 2026