Skip to main content

guardrails-ai CVE-2026-45758

CRITICAL
Embedded Malicious Code (CWE-506)
2026-05-19 https://github.com/guardrails-ai/guardrails GHSA-xmpw-2vmm-p4p6
Authentication Bypass
9.6
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
May 19, 2026 - 16:30 vuln.today
Analysis Generated
May 19, 2026 - 16:30 vuln.today

DescriptionNVD

Impact

On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai (0.10.1) to PyPI.

Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026.

Security researchers identified the malicious package within approximately 2 hours of publication, and PyPI quarantined the repository. Based on our telemetry, we have observed no requests to Guardrails AI infrastructure originating from the malicious 0.10.1 version, and a review of system and access logs has produced no evidence of user data exfiltration through our systems.

For the full timeline, technical details, and remediation steps we have taken, see SECURITY_ADVISORY.md.

Patches

No patched version above 0.10.1 is available yet. Downgrade to 0.10.0, which is unaffected.

Workarounds

1. Pin to a safe version:

guardrails-ai==0.10.0

2. While the PyPI quarantine is active, install from GitHub:

pip install git+https://github.com/guardrails-ai/guardrails.git@v0.10.0

The v0.10.0 tag in this repository is clean. Track quarantine status here: #1473.

3. If you installed 0.10.1, treat the host as potentially compromised. Rotate any credentials accessible from that machine (GitHub PATs, cloud provider keys, package registry tokens, API keys) and audit your GitHub account for unauthorized workflows or repositories.

4. Snowglobe and Guardrails Hub users : all Snowglobe and Guardrails Hub API keys will be invalidated at 2:00 PM Pacific on May 13, 2026. Rotate yours before then to avoid service interruption.

References

AnalysisAI

Supply chain compromise in the guardrails-ai Python package allows attackers to execute embedded malicious code on any developer or production host that installed version 0.10.1 from PyPI on May 11, 2026. The malicious release was live for roughly two hours before PyPI quarantined it, and the vendor reports no observed callbacks to Guardrails AI infrastructure, but any system that pulled 0.10.1 should be treated as compromised. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Conduct enterprise-wide audit for guardrails-ai 0.10.1 using package managers and dependency trackers; immediately isolate and quarantine affected systems. Within 7 days: Uninstall guardrails-ai 0.10.1 and downgrade to version 0.10.0 if continued use is required; implement mandatory package version verification and supplier scanning for all Python dependencies. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-45758 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy