Skip to main content

ai-scanner CVE-2026-41512

| EUVDEUVD-2026-28599 CRITICAL
Code Injection (CWE-94)
2026-05-08 security-advisories@github.com
9.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch available
May 08, 2026 - 15:02 EUVD
Source Code Evidence Fetched
May 08, 2026 - 14:32 vuln.today
Analysis Generated
May 08, 2026 - 14:32 vuln.today
CVE Published
May 08, 2026 - 14:16 nvd
CRITICAL 9.9

DescriptionGitHub Advisory

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1.

AnalysisAI

Remote code execution in ai-scanner versions 1.0.0 through 1.4.0 allows authenticated attackers to inject and execute arbitrary JavaScript code via the BrowserAutomation::PlaywrightService component. The vulnerability has a Critical CVSS score of 9.9 with scope change, enabling cross-boundary compromise of confidentiality, integrity, and availability. Vendor-released patch available in version 1.4.1 as of April 13, 2026, with GitHub Security Advisory GHSA-r27j-xxgx-f5vr confirming the fix.

Technical ContextAI

The vulnerability resides in ai-scanner, an AI model safety scanning tool built on NVIDIA garak framework. The flaw is a CWE-94 code injection weakness in the BrowserAutomation::PlaywrightService module, which likely handles browser automation testing via Microsoft's Playwright framework. The service appears to improperly sanitize or validate JavaScript input before execution in browser contexts, allowing attackers to break out of intended execution boundaries. The CVSS scope change (S:C) indicates the vulnerable component can affect resources beyond its security scope, suggesting the Playwright service operates with elevated privileges or can access adjacent trust domains within the AI scanning infrastructure.

RemediationAI

Upgrade immediately to ai-scanner version 1.4.1 released April 13, 2026, which applies security hardening to the BrowserAutomation::PlaywrightService component per GitHub issue #16. Download from https://github.com/0din-ai/ai-scanner/releases/tag/v1.4.1 and verify release integrity before deployment. If immediate patching is not feasible, implement compensating controls: restrict network access to the ai-scanner service to trusted IP ranges only via firewall rules; enforce strong authentication with MFA for all service accounts; disable or restrict access to browser automation features if not required for current scanning operations (trade-off: reduced testing coverage for browser-based AI model interfaces); deploy the service in an isolated network segment with egress filtering to limit post-exploitation lateral movement; enable comprehensive audit logging for all BrowserAutomation service invocations to detect injection attempts. Review access logs for versions 1.0.0-1.4.0 for suspicious JavaScript patterns in automation parameters as potential IOCs.

More in Nvidia

View all
CVE-2016-1741 CRITICAL POC
9.8 Mar 24

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c

CVE-2013-0109 HIGH POC
7.2 Apr 08

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not

CVE-2019-5684 CRITICAL POC
10.0 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2026-24207 CRITICAL POC
9.8 May 20

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct

CVE-2019-5685 CRITICAL POC
9.8 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2025-23359 HIGH POC
8.3 Feb 12

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co

CVE-2016-8812 HIGH POC
8.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G

CVE-2016-1861 HIGH POC
7.8 Jun 19

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi

CVE-2024-0132 HIGH POC
8.3 Sep 26

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de

CVE-2016-1846 HIGH POC
7.8 May 20

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a

CVE-2015-7865 HIGH POC
7.7 Nov 24

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before

CVE-2016-8811 HIGH POC
7.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3

Share

CVE-2026-41512 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy