Critical severity 9.8 · NVD Advisory · Published May 12, 2026 · Updated May 14, 2026
CVE-2026-31233
Description
Guardrails AI through 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When a validator package is installed with guardrails hub install, the tool retrieves a manifest from the Guardrails Hub and dynamically executes the script named in the manifest's post_install field. That script path is built from untrusted manifest data and executed without validation or sanitization, which allows remote code execution. An attacker who can publish a malicious package to the Hub can therefore run arbitrary code on any system where a victim installs that package.
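The description above names the weak pattern (a script path assembled from an untrusted post_install field and handed to the interpreter) but not the fix. The following is an added illustration, not Guardrails AI code: it shows how a naive join lets a manifest walk out of the package directory, a validation routine that confines the hook path to a regular .py file inside the resolved package directory, and an opt-in gate for executing hooks at all. The manifest shape, function names and file layout are assumptions for the example; the real Hub manifest format is not shown on this page.

```python
"""Added example (not Guardrails AI code): how a post_install hook path taken
from an untrusted Hub manifest escapes the package directory, and a check
that confines it. Names, the manifest shape and the file layout are assumed."""
import json
import runpy
import tempfile
from pathlib import Path

# Constructed manifests: one benign, two malicious. Only the post_install
# field is modelled; the real Hub manifest format is not shown on the page.
BENIGN_MANIFEST = json.dumps({"name": "example-validator", "post_install": "post_install.py"})
TRAVERSAL_MANIFEST = json.dumps({"name": "example-validator", "post_install": "../../evil.py"})
ABSOLUTE_MANIFEST = json.dumps({"name": "example-validator", "post_install": "/tmp/evil.py"})


class UntrustedHookError(ValueError):
    """Raised when a manifest-supplied hook path fails validation."""


def naive_hook_path(package_dir: Path, manifest_json: str) -> Path:
    """The weak pattern: join whatever the manifest says onto the package
    directory and hand the result to the interpreter. '..' segments walk out of
    the directory and an absolute path replaces it entirely (pathlib semantics)."""
    manifest = json.loads(manifest_json)
    return Path(package_dir) / manifest["post_install"]


def validated_hook_path(package_dir: Path, manifest_json: str) -> Path:
    """Confine the hook to a regular .py file inside the resolved package
    directory. resolve() follows symlinks, so a link pointing outside the
    package is rejected as well."""
    manifest = json.loads(manifest_json)
    hook = manifest.get("post_install")
    if not isinstance(hook, str) or not hook or "\x00" in hook:
        raise UntrustedHookError("post_install must be a non-empty string")
    rel = Path(hook)
    if rel.is_absolute() or ".." in rel.parts:
        raise UntrustedHookError(f"post_install escapes package dir: {hook!r}")
    pkg = Path(package_dir).resolve()
    target = (pkg / rel).resolve()
    if target == pkg or not target.is_relative_to(pkg):
        raise UntrustedHookError(f"post_install resolves outside package: {target}")
    if target.suffix != ".py" or not target.is_file():
        raise UntrustedHookError(f"post_install is not a .py file in package: {target}")
    return target


def run_post_install(package_dir: Path, manifest_json: str, allow_hooks: bool = False) -> dict:
    """Even a confined hook is still Hub-supplied code running on the installing
    machine, so execution stays off unless the caller explicitly opts in."""
    if not allow_hooks:
        return {}
    return runpy.run_path(str(validated_hook_path(package_dir, manifest_json)))


def demo() -> dict:
    """Build a throwaway package and exercise the weak and hardened paths."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "hub" / "example-validator"
        pkg.mkdir(parents=True)
        (pkg / "post_install.py").write_text("RESULT = 'hook ran'\n")
        out = {}
        # The naive join produces paths outside the package without complaint.
        out["naive_traversal_inside"] = naive_hook_path(pkg, TRAVERSAL_MANIFEST).resolve().is_relative_to(pkg.resolve())
        out["naive_absolute"] = str(naive_hook_path(pkg, ABSOLUTE_MANIFEST))
        # The validated path rejects both and accepts the in-package file.
        out["validated_benign"] = validated_hook_path(pkg, BENIGN_MANIFEST).name
        for label, manifest in (("traversal", TRAVERSAL_MANIFEST), ("absolute", ABSOLUTE_MANIFEST)):
            try:
                validated_hook_path(pkg, manifest)
                out[label + "_rejected"] = False
            except UntrustedHookError:
                out[label + "_rejected"] = True
        out["hook_skipped_by_default"] = run_post_install(pkg, BENIGN_MANIFEST) == {}
        out["hook_result_when_allowed"] = run_post_install(pkg, BENIGN_MANIFEST, allow_hooks=True)["RESULT"]
        return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The path check closes the traversal and absolute-path cases the description points at, but it does not make the feature safe: a package that passes validation still ships attacker-chosen Python that runs with the installing user's privileges. That is why the example keeps hook execution disabled by default; an installer that must support hooks should additionally pin or verify the package it fetched before running anything from it.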
Affected products: 1
Patches: 0 (no patches discovered yet)
References: 1
News mentions: 48
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates (The Hacker News, May 15, 2026)
- TeamPCP hackers advertise Mistral AI code repos for sale (BleepingComputer, May 14, 2026)
- White House cyber official: identity security matters more than ever in the age of AI (CyberScoop, May 14, 2026)
- OpenAI confirms security breach in TanStack supply chain attack (BleepingComputer, May 14, 2026)
- Most Organizations Now Use AI Agents for Sensitive Security Tasks (Infosecurity Magazine, May 14, 2026)
- Closing the AI governance gap in your enterprise (Help Net Security, May 14, 2026)
- Weaponized AI: The new frontier of fraud and identity spoofing (CyberScoop, May 13, 2026)
- The Convergence of Cloud Secrets & AI Risk (SentinelOne Labs, May 13, 2026)
- Android Adds Intrusion Logging for Sophisticated Spyware Forensics (The Hacker News, May 13, 2026)
- Mini Shai-Hulud Hits TanStack npm Packages (Infosecurity Magazine, May 12, 2026)
- Apple Patches Dozens of Vulnerabilities in macOS, iOS (SecurityWeek, May 12, 2026)
- Cache-poisoning caper turns TanStack npm packages toxic (The Register Security, May 12, 2026)
- Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages (The Hacker News, May 12, 2026)
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages (BleepingComputer, May 12, 2026)
- TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack (SecurityWeek, May 12, 2026)
- Tech Can't Stop These Threats — Your People Can (Dark Reading, May 11, 2026)
- Rapid7 and OpenAI: Helping Defenders Move at Machine Speed (Rapid7 Blog, May 7, 2026)
- AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems (Dark Reading, May 7, 2026)
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories (The Hacker News, May 7, 2026)
- Red Hat Enterprise Linux adds post-quantum security and AI-driven automation in latest releases (Help Net Security, May 7, 2026)
- Open-source MCP server monitoring for Python apps (Help Net Security, May 7, 2026)
- Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing? (The Hacker News, May 6, 2026)
- Why Security Leadership Makes or Breaks a Pen Test (Dark Reading, May 5, 2026)
- Hacker Conversations: Joey Melo on Hacking AI (SecurityWeek, May 5, 2026)
- We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is (The Hacker News, May 5, 2026)
- A rigged game: ScarCruft compromises gaming platform in a supply-chain attack (ESET WeLiveSecurity, May 5, 2026)
- Operant AI Endpoint Protector secures AI agents and MCP tools (Help Net Security, May 4, 2026)
- Security for AI: A strategic framework for closing the AI exposure gap (Tenable Blog, May 4, 2026)
- What researchers learned about building an LLM security workflow (Help Net Security, May 4, 2026)
- If AI's So Smart, Why Does It Keep Deleting Production Databases? (Dark Reading, May 1, 2026)
- New infosec products of the month: April 2026 (Help Net Security, May 1, 2026)
- Oracle Red Bull Racing Team Revs Up Automation to Boost Security (Dark Reading, Apr 30, 2026)
- Mastering agentic AI security through exposure management (Tenable Blog, Apr 29, 2026)
- Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them? (The Hacker News, Apr 23, 2026)
- Automation at Machine Speed: Rethinking Execution in Modern Cybersecurity (SentinelOne Labs, Apr 20, 2026)
- Frontier AI Reinforces the Future of Modern Cyber Defense (SentinelOne Labs, Apr 16, 2026)
- Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs (Infosecurity Magazine, Apr 9, 2026)
- Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities (Infosecurity Magazine, Apr 8, 2026)
- GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration (Infosecurity Magazine, Apr 7, 2026)
- ChatGPT Security Issue Enabled Data Theft via Single Prompt (Infosecurity Magazine, Mar 31, 2026)
- RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards (Infosecurity Magazine, Mar 24, 2026)
- Most Cybersecurity Staff Don't Know How Fast They Could Stop a Cyber-Attack on AI Systems (Infosecurity Magazine, Mar 23, 2026)
- UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs (Infosecurity Magazine, Mar 19, 2026)
- AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner (Infosecurity Magazine, Mar 18, 2026)
- Researchers Discover Major Security Gaps in LLM Guardrails (Infosecurity Magazine, Mar 11, 2026)
- Sednit reloaded: Back in the trenches (ESET WeLiveSecurity, Mar 10, 2026)
- Introducing the CrowdStrike Shadow AI Visibility Service (CrowdStrike Blog)
- CrowdStrike Named a Leader in Frost & Sullivan 2026 Radar for Cloud-Native Application Protection Platforms (CrowdStrike Blog)