Description
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
Published: 2026-03-10
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A dependency on a vulnerable third‑party component within the GitHub repository ‘zero‑shot‑scfoundation’ allows an unauthorized attacker to execute code over the network. The primary impact is remote code execution, as identified by CWE‑1395. The vulnerability could let an attacker run arbitrary code, compromising confidentiality, integrity, and availability of any systems that rely on this repository.

Affected Systems

Affected systems are the Microsoft GitHub repository named ‘zero‑shot‑scfoundation’. No specific version information is provided, so all versions of the repository that depend on the vulnerable component are potentially impacted.

Risk and Exploitability

The CVSS base score is 8.8, indicating high severity. The EPSS score is less than 1%, suggesting a low probability of exploitation at the current time. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is network‑based, where an unauthorized attacker could exploit the dependency remotely. However, the exact method of execution is not detailed in the available data and is inferred from the description.

Generated by OpenCVE AI on March 16, 2026 at 23:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or update the GitHub repository to remove the vulnerable dependency.
  • If an immediate patch is not available, isolate the repository or restrict network access to mitigate potential exploitation.
  • Monitor system logs and network activity for signs of exploitation attempts.

Generated by OpenCVE AI on March 16, 2026 at 23:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft zero-shot-scfoundation
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:microsoft:zero-shot-scfoundation:*:*:*:*:*:*:*:*
Vendors & Products Microsoft zero-shot-scfoundation

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft gihub Repo Zero Shot Scfoundation
Vendors & Products Microsoft gihub Repo Zero Shot Scfoundation

Tue, 10 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
Title GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft gihub Repo Zero Shot Scfoundation
Weaknesses CWE-1395
CPEs cpe:2.3:a:microsoft:gihub_repo_zero_shot_scFoundation:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft gihub Repo Zero Shot Scfoundation
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Gihub Repo Zero Shot Scfoundation Gihub Repo Zero Shot Scfoundation Zero-shot-scfoundation
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-03-27T22:33:11.474Z

Reserved: 2026-01-14T16:59:33.462Z

Link: CVE-2026-23654

cve-icon Vulnrichment

Updated: 2026-03-10T19:54:27.774Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T18:18:13.743

Modified: 2026-03-13T21:02:19.767

Link: CVE-2026-23654

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:34:10Z

Weaknesses