Description
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper validation. The user-supplied input is directly passed to asyncio.create_subprocess_shell() for execution. This allows an attacker to replace the intended command with arbitrary shell commands, leading to remote code execution with the privileges of the GPT-Pilot process.
Published: 2026-05-11
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection flaw exists in GPT‑Pilot’s Executor.run() method. When the tool prompts the user to confirm or modify a command to be executed, it accepts arbitrary free‑text input without validation and passes it directly to asyncio.create_subprocess_shell(). This omission allows an attacker to replace or append shell commands, enabling remote code execution with the privileges of the running GPT‑Pilot process.

Affected Systems

Versions of GPT‑Pilot up to and including the commit 0819827ce20346ef5f25b3fe29293cb448840565 (dated 2025‑09‑03) are affected. No additional vendors or products outside GPT‑Pilot are listed as impacted.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. The EPSS score of <1% shows a low probability of exploitation, and the vulnerability is not in the CISA KEV catalog. An attacker can obtain remote code execution simply by inserting malicious commands at the execution confirmation prompt, without needing additional privileges beyond those granted to the GPT‑Pilot process.

Generated by OpenCVE AI on May 12, 2026 at 23:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GPT‑Pilot to a commit that resolves the injection vulnerability; if none is available, apply a patch that sanitizes the executor’s input handling.
  • Modify Executor.run() to perform strict input validation or escape user‑supplied data before calling the shell, or replace asyncio.create_subprocess_shell() with a safer API that accepts a list of arguments.
  • Restrict the confirmation prompt to trusted users only, enforcing role‑based access control so that only authorized personnel can confirm or modify commands.
  • Run the GPT‑Pilot service under the least privilege necessary, such as a dedicated low‑privilege user, to limit the impact of a successful injection.
  • If a temporary fix is required, deactivate the executor’s ability to launch shell commands until a permanent patch can be applied.

Generated by OpenCVE AI on May 12, 2026 at 23:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title Command Injection in GPT‑Pilot Executor Enables Remote Code Execution

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Pythagora-io
Pythagora-io gpt-pilot
Vendors & Products Pythagora-io
Pythagora-io gpt-pilot

Mon, 11 May 2026 17:00:00 +0000

Type Values Removed Values Added
Title Command Injection in GPT‑Pilot Executor Enables Remote Code Execution
Weaknesses CWE-78

Mon, 11 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper validation. The user-supplied input is directly passed to asyncio.create_subprocess_shell() for execution. This allows an attacker to replace the intended command with arbitrary shell commands, leading to remote code execution with the privileges of the GPT-Pilot process.
References

Subscriptions

Pythagora-io Gpt-pilot
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-12T18:41:25.580Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31246

cve-icon Vulnrichment

Updated: 2026-05-12T18:41:20.230Z

cve-icon NVD

Status : Received

Published: 2026-05-11T16:17:29.623

Modified: 2026-05-12T19:16:30.267

Link: CVE-2026-31246

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T23:45:25Z

Weaknesses