CVE Catalog

CVE-2026-41512

Critical
Published: Translated: NVD NIST

Summary

In versions from 1.0.0 to before 1.4.1, the ai-scanner tool has a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.

Risk Assessment

Organizations using vulnerable versions may be exposed to remote code execution, potentially leading to serious security breaches.

Recommendation

It is recommended to update ai-scanner to version 1.4.1 or later to mitigate this vulnerability.

Original NVD description (English source)

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS