Description
GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the run_in_subprocess_wrapper_func function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27958.
Published: 2026-01-23
Score: 9.8 Critical
EPSS: 2.2% Low
KEV: No
Impact: Remote Code Execution
Action: Patch
AI Analysis

Impact

The vulnerability arises from deserialization of untrusted data within the run_in_subprocess_wrapper_func function of GPT Academic. Because user-supplied input is not validated before deserialization, a remote attacker can craft data that, when processed, is executed as code with root privileges. This flaw allows arbitrary code execution and has no authentication requirement.

Affected Systems

GPT Academic version 3.91 is affected. No other versions are listed as vulnerable in the available data.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity, while an EPSS score of 2% suggests a modest but non-negligible likelihood of exploitation. The vulnerability is not yet listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, network-based delivery of crafted data to the vulnerable function, enabling control over the execution context without authentication.

Generated by OpenCVE AI on April 18, 2026 at 03:18 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the most recent security patch released by GPT Academic addressing the run_in_subprocess_wrapper_func deserialization issue.
  • Restrict external access to the run_in_subprocess_wrapper_func API or sandbox it so that only trusted/internal calls are allowed.
  • Continuously monitor system logs for anomalous subprocess launches or unexpected code execution patterns to detect possible exploitation attempts.


Advisories

No advisories yet.

History

Wed, 18 Feb 2026 16:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Binary-husky; Binary-husky gpt Academic
CPEs | | cpe:2.3:a:binary-husky:gpt_academic:3.91:*:*:*:*:*:*:*
Vendors & Products | | Binary-husky; Binary-husky gpt Academic

Fri, 23 Jan 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 23 Jan 2026 16:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Gpt Academic Project; Gpt Academic Project gpt Academic
Vendors & Products | | Gpt Academic Project; Gpt Academic Project gpt Academic

Fri, 23 Jan 2026 04:00:00 +0000

Type | Values Removed | Values Added
Description | | GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run_in_subprocess_wrapper_func function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27958.
Title | | GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability
Weaknesses | | CWE-502
References | |
Metrics | | cvssV3_0 {'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-01-23T19:21:28.790Z

Reserved: 2026-01-08T22:49:54.957Z

Link: CVE-2026-0763

Vulnrichment

Updated: 2026-01-23T19:20:58.297Z

NVD

Status: Analyzed

Published: 2026-01-23T04:16:03.110

Modified: 2026-02-18T16:42:19.013

Link: CVE-2026-0763

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:30:25Z
