Description
Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates from Cognee's notebook cell execution API, which accepts arbitrary Python code and runs it using exec() without any safeguards. According to CWE-94, this uses unsafe exec without validation, making it a critical code execution flaw. An attacker can send a crafted POST request containing malicious code that is executed with the privileges of the Cognee server process. This permits arbitrary code execution, granting full control over the host system and compromising confidentiality, integrity, and availability.

Affected Systems

Cognee versions up to 0.4.0 are affected. The issue is present in the server component that provides the notebook cell execution endpoint.

Risk and Exploitability

The likely attack vector is an unauthenticated or authenticated HTTP POST request to the vulnerable API endpoint. Based on the description, it is inferred that the payload can be delivered by any client with network access to the endpoint. The absence of input validation or sandboxing allows the payload to run with server privileges. The CVSS score is 9.8, indicating a critical severity. The EPSS score is <1%, indicating low probability of exploitation. No official fix is currently available, but the vulnerability is not listed in the CISA KEV catalog, indicating no publicly known exploits as of now.

Generated by OpenCVE AI on May 15, 2026 at 21:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the notebook cell execution API until an official fix is released.
  • Restrict network access to the API endpoint using firewall rules or reverse-proxy authentication.
  • Run the Cognee application inside a container or sandbox with limited privileges.
  • Check the Cognee repository at https://github.com/topoteretes/cognee for official patches or updates.

Generated by OpenCVE AI on May 15, 2026 at 21:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Cognee Remote Code Execution via Unsafe Notebook Cell Execution

Fri, 15 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Arbitrary Code Execution via Unsandboxed exec() in Cognee Notebook API
Weaknesses CWE-20

Fri, 15 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Topoteretes
Topoteretes cognee
Vendors & Products Topoteretes
Topoteretes cognee

Tue, 12 May 2026 19:30:00 +0000

Type Values Removed Values Added
Title Arbitrary Code Execution via Unsandboxed exec() in Cognee Notebook API
Weaknesses CWE-20
CWE-94

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.
References

Subscriptions

Topoteretes Cognee
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-15T18:05:30.352Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31231

cve-icon Vulnrichment

Updated: 2026-05-15T17:15:01.043Z

cve-icon NVD

Status : Deferred

Published: 2026-05-12T18:16:51.387

Modified: 2026-05-15T19:16:57.960

Link: CVE-2026-31231

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T21:30:08Z

Weaknesses