OpenZeppelin Contracts Wizard CVE-2026-48054
HIGH
GHSA-4x76-22x2-rx8v
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attacker input reaches a network-reachable integrator without auth (AV:N/PR:N), exploitation needs only a crafted string (AC:L), but a developer must run the generated tests (UI:R), yielding full RCE (C/I/A:H).
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Blast Radius
ecosystem impact- 5 npm packages depend on @openzeppelin/wizard (5 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.10.9.
DescriptionGitHub Advisory
Summary
The OpenZeppelin Contracts Wizard generated Hardhat (test/test.ts) and Foundry (test/<Name>.t.sol) example test files that interpolated user-supplied strings (opts.name, opts.uri) into the test source without escaping. A crafted input could produce a generated test file in which the input string broke out of its surrounding literal and was parsed as code, executing when a developer ran npm test or forge test on the downloaded project.
Impact
- Users of the hosted Wizard at https://wizard.openzeppelin.com: no action required. The site has been redeployed with the fix.
- Users of
@openzeppelin/wizardvia the documented public API: not affected. The vulnerable functions (zipHardhat,zipFoundry) are not part of the package's documented public exports. - Callers of
zipHardhat/zipFoundrywho forward externally-controlled strings intoopts.name/opts.uri: upgrade to0.10.9.
Patches
Fixed in @openzeppelin/wizard@0.10.9.
Articles & Coverage 2
AnalysisAI
Code injection in OpenZeppelin Contracts Wizard's @openzeppelin/wizard npm package (<=0.10.8) allows attacker-supplied strings passed through opts.name or opts.uri into the zipHardhat/zipFoundry helpers to break out of string literals inside generated Hardhat and Foundry test scaffolding, leading to arbitrary code execution on the developer's machine when npm test or forge test is run. No public exploit is identified at time of analysis, but a vendor advisory and patched commit are public via GitHub Security Advisory GHSA-4x76-22x2-rx8v.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires (1) a downstream integrator that calls the undocumented `zipHardhat` or `zipFoundry` exports of `@openzeppelin/wizard` <= 0.10.8 and forwards externally-controlled strings into `opts.name` or `opts.uri`, (2) the attacker's ability to submit those strings to that integrator, and (3) a developer subsequently running `npm test` or `forge test` on the generated project (UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Provided CVSS 3.1 is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), but the real-world blast radius is narrower than the score implies: the hosted wizard at wizard.openzeppelin.com has already been redeployed with the fix, the documented public npm API is not affected, and exploitation requires an integrator who (a) directly calls the undocumented `zipHardhat`/`zipFoundry` entrypoints and (b) forwards externally-controlled values into `opts.name`/`opts.uri`, plus a developer who then runs `npm test`/`forge test` on the resulting project (UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker submits a crafted token name such as `é\")Token` or a URI containing `"` into a downstream service that wraps the wizard's `zipHardhat`/`zipFoundry` exports; the generated test file contains attacker-controlled JavaScript or Solidity that breaks out of the string literal. When the victim developer downloads the zipped project and runs `npm test` or `forge test`, the injected code executes in their local shell context. … |
| Remediation | Vendor-released patch: `@openzeppelin/wizard@0.10.9` - upgrade any project that calls `zipHardhat` or `zipFoundry` to this version (fix commit ec12c44f8d9e0491eba31037f95b36e98ec58b5f, advisory GHSA-4x76-22x2-rx8v). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all internal projects using @openzeppelin/wizard and halt npm/forge test execution in production-connected environments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Remote code execution in Vitest Browser Mode (npm @vitest/browser 3.0.0-3.2.4, 4.0.0-4.1.7, 5.0.0-beta.0-5.0.0-beta.3) a
Remote prototype pollution in i18next-http-middleware before 3.9.7 allows unauthenticated attackers to write to Object.p
Prototype pollution in ApostropheCMS versions up to and including 4.30.0 allows an authenticated editor to poison Object
Stored cross-site scripting in the @apostrophecms/seo plugin (versions ≤1.4.2) allows any user holding the default edito
Sandbox escape leading to remote code execution affects KanaDojo (lingdojo/kana-dojo) before version 0.1.18, where the i
Share
External POC / Exploit Code
Leaving vuln.today