CVE-2026-31233

CRITICAL

Guardrails AI Hub <0.6.7 - Code Injection

Title source: llm

Description

Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The script path is constructed from untrusted manifest data and executed without proper validation or sanitization, allowing remote code execution. An attacker who can publish malicious packages to the Hub can inject arbitrary code that will be executed on any system where a victim installs the malicious package.

References (2)

Core 2

Core References

https://github.com/guardrails-ai/guardrails

https://www.notion.so/CVE-2026-31233-35d1e13931888142a954fb3f50ee0c94

Scores

CVSS v3 9.8

EPSS 0.0063

EPSS Percentile 45.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

pypi/guardrails-ai 0 - 0.6.7PyPI

Published May 12, 2026

Tracked Since May 12, 2026