Description
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
Published: 2026-05-08
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to inject malicious JavaScript into the BrowserAutomation::PlaywrightService component of ai-scanner, leading to execution of arbitrary code. This enables complete compromise of the system running the service, with full confidentiality, integrity, and availability impacts. The weakness is a classic code‑generation flaw identified as CWE‑94.

Affected Systems

The affected product is ai-scanner by 0din‑ai. Versions from 1.0.0 up until, but not including, 1.4.1 are vulnerable. The scanner is used as an AI model safety tool built on NVIDIA garak.

Risk and Exploitability

The CVSS score of 9.9 indicates a critical severity, while the EPSS score is not available and the vulnerability is not yet listed in the CISA KEV catalog. The likely attack vector is remote, inferred from the fact that the service processes JavaScript code; an attacker would need to supply malicious script to the BrowserAutomation::PlaywrightService interface, which is presumed to be reachable over the network. With the provided impact, an exploit would lead to full control over the affected host.

Generated by OpenCVE AI on May 8, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ai-scanner to version 1.4.1 or later, where the issue is patched
  • If immediate upgrade is not possible, restrict or disable the BrowserAutomation::PlaywrightService to prevent external script injection
  • Ensure that any JavaScript passed to the service originates from trusted sources or is thoroughly validated before execution

Generated by OpenCVE AI on May 8, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla 0din Scanner
CPEs cpe:2.3:a:mozilla:0din_scanner:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla 0din Scanner

Sun, 10 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared 0din-ai
0din-ai ai-scanner
Vendors & Products 0din-ai
0din-ai ai-scanner

Fri, 08 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
Title Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

0din-ai Ai-scanner
Mozilla 0din Scanner
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T21:27:16.514Z

Reserved: 2026-04-20T18:18:50.681Z

Link: CVE-2026-41512

cve-icon Vulnrichment

Updated: 2026-05-08T17:05:07.753Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:34.433

Modified: 2026-05-11T17:20:02.550

Link: CVE-2026-41512

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T21:25:18Z

Weaknesses