CVE-2026-5532

MEDIUM

ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

Title source: cna

Description

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/355285

[Signature, Permissions Required] https://vuldb.com/vuln/355285/cti

[Third Party Advisory] https://vuldb.com/submit/782169

[Exploit] https://github.com/August829/CVEP/issues/19

Scores

CVSS v3 6.3

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

CWE

CWE-77 CWE-78

Status published

Products (50)

ScrapeGraphAI/scrapegraph-ai 1.0

ScrapeGraphAI/scrapegraph-ai 1.1

ScrapeGraphAI/scrapegraph-ai 1.10

ScrapeGraphAI/scrapegraph-ai 1.11

ScrapeGraphAI/scrapegraph-ai 1.12

ScrapeGraphAI/scrapegraph-ai 1.13

ScrapeGraphAI/scrapegraph-ai 1.14

ScrapeGraphAI/scrapegraph-ai 1.15

ScrapeGraphAI/scrapegraph-ai 1.16

ScrapeGraphAI/scrapegraph-ai 1.17

... and 40 more

Published Apr 05, 2026

Tracked Since Apr 05, 2026