Description
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
Published: 2026-05-08
Score: 9.9 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to inject malicious JavaScript into the BrowserAutomation::PlaywrightService component of ai-scanner, leading to execution of arbitrary code. This enables complete compromise of the system running the service, with full confidentiality, integrity, and availability impacts. The weakness is a classic code‑generation flaw identified as CWE‑94.

Affected Systems

The affected product is ai-scanner by 0din‑ai. Versions from 1.0.0 up until, but not including, 1.4.1 are vulnerable. The scanner is used as an AI model safety tool built on NVIDIA garak.

Risk and Exploitability

The CVSS score of 9.9 indicates a critical severity, while the EPSS score is not available and the vulnerability is not yet listed in the CISA KEV catalog. The likely attack vector is remote, inferred from the fact that the service processes JavaScript code; an attacker would need to supply malicious script to the BrowserAutomation::PlaywrightService interface, which is presumed to be reachable over the network. With the provided impact, an exploit would lead to full control over the affected host.

Generated by OpenCVE AI on May 8, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ai-scanner to version 1.4.1 or later, where the issue is patched
  • If immediate upgrade is not possible, restrict or disable the BrowserAutomation::PlaywrightService to prevent external script injection
  • Ensure that any JavaScript passed to the service originates from trusted sources or is thoroughly validated before execution

Generated by OpenCVE AI on May 8, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
Title Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T13:52:56.263Z

Reserved: 2026-04-20T18:18:50.681Z

Link: CVE-2026-41512

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-08T14:16:34.433

Modified: 2026-05-08T16:08:15.570

Link: CVE-2026-41512

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T18:30:06Z

Weaknesses