CVE-2026-41512
CriticalSummary
In versions from 1.0.0 to before 1.4.1, the ai-scanner tool has a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
Risk Assessment
Organizations using vulnerable versions may be exposed to remote code execution, potentially leading to serious security breaches.
Recommendation
It is recommended to update ai-scanner to version 1.4.1 or later to mitigate this vulnerability.
Original NVD description (English source)
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.

