CVE-2026-5631

HIGH CVSS 7.3 View on NVD ↗

Description

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/assafelovic/gpt-researcher/
https://github.com/assafelovic/gpt-researcher/issues/1694
https://vuldb.com/submit/785858
https://vuldb.com/vuln/355419
https://vuldb.com/vuln/355419/cti

Published: Apr 06, 2026 07:16 UTC Modified: Apr 06, 2026 07:16 UTC