What is the CVSS score of CVE-2026-31233?

CVE-2026-31233 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Guardrails AI are affected by CVE-2026-31233?

Guardrails AI versions through 0.6.7 contain a critical remote code execution vulnerability in the Hub package installation mechanism that allows malicious validator packages to execute arbitrary…

Guardrails AI CVE-2026-31233

EUVD-2026-29556 CRITICAL

Code Injection (CWE-94)

2026-05-12 mitre

GHSA-r6hf-g5x6-7pv9

RCE Code Injection N A

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 14, 2026 - 20:23 vuln.today

CVSS changed

May 14, 2026 - 20:22 NVD

9.8 (CRITICAL)

CVE Published

May 12, 2026 - 00:00 nvd

CRITICAL 9.8

CVE Published

May 12, 2026 - 00:00 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The script path is constructed from untrusted manifest data and executed without proper validation or sanitization, allowing remote code execution. An attacker who can publish malicious packages to the Hub can inject arbitrary code that will be executed on any system where a victim installs the malicious package.

AnalysisAI

Remote code execution in Guardrails AI through version 0.6.7 occurs when installing validator packages via the Hub mechanism. The guardrails hub install command dynamically executes post-installation scripts from Hub manifests without validating the script path or content, allowing attackers who publish malicious packages to achieve arbitrary code execution on victim systems during package installation. …

RemediationAI

Within 24 hours: Inventory all systems running Guardrails AI versions ≤0.6.7 and identify which have Hub package installation enabled; restrict Hub installation privileges to authorized users only. Within 7 days: Audit installation logs for any Hub package installations and verify package sources; implement network controls to block unsigned or untrusted Hub package downloads. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-31233 vulnerability details – vuln.today

Back

Guardrails AI CVE-2026-31233

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code