CVE Catalog

CVE-2026-31233

Critical
Published: Translated: NVD NIST

Summary

Guardrails AI up to version 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field, allowing for remote code execution.

Risk Assessment

An attacker who can publish malicious packages to the Hub can inject arbitrary code that will be executed on any system where a victim installs the malicious package. This poses a serious security threat to user systems.

Recommendation

It is recommended to update Guardrails AI to the latest version to mitigate this vulnerability. Additionally, implement further validation and sanitization mechanisms for manifest data before execution.

Original NVD description (English source)

Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The script path is constructed from untrusted manifest data and executed without proper validation or sanitization, allowing remote code execution. An attacker who can publish malicious packages to the Hub can inject arbitrary code that will be executed on any system where a victim installs the malicious package.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS