CVE-2026-0762

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-0762
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0762.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-0762
Published
2026-01-23T04:16:02.973Z
Modified
2026-03-13T04:07:33.365546Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the stream_daas function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27956.

References

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type
GIT
Repo
https://github.com/binary-husky/gpt_academic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8413fb15ba05c4d1bf245a13096e9a2e03777866
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.91"
        }
    ]
}

Affected versions

version2.*
version2.68-3
version2.68-4
version2.7
version3.*
version3.1
version3.1-2
version3.1-3
version3.15
version3.2
version3.3
version3.3-2
version3.3-3
version3.3-4
version3.32
version3.33
version3.33-2
version3.34
version3.35
version3.36
version3.37
version3.37-2
version3.37-3
version3.37-4
version3.4
version3.4-2
version3.41
version3.41-2
version3.41-3
version3.42
version3.42-2
version3.43
version3.44
version3.45
version3.47
version3.48
version3.48-1
version3.50
version3.50-1
version3.50-2
version3.50-3
version3.52
version3.52-1
version3.53
version3.53-1
version3.53-2
version3.54
version3.54-2
version3.55
version3.55-2
version3.60-1
version3.60-2
version3.60-3
version3.64-1
version3.70
version3.74
version3.75
version3.83
version3.83-fix-1
version3.90
version3.90patch1
version3.91

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0762.json"