PYSEC-2026-1266

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/composio-core/PYSEC-2026-1266.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1266
Aliases
Published
2026-07-07T14:34:41.176449Z
Modified
2026-07-07T17:47:11.976832598Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
Composio Code Injection Vulnerability
Details

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

PyPI / composio-core

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.5.6

Affected versions

0.*
0.1.82
0.1.83
0.1.84
0.1.87
0.1.88
0.1.89
0.1.90
0.1.91
0.1.92
0.1.93
0.1.94
0.1.95
0.1.96
0.1.97
0.1.98
0.1.99
0.1.100
0.1.101
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.14
0.2.15
0.2.16
0.2.17
0.2.18
0.2.19
0.2.20
0.2.21
0.2.22
0.2.32
0.2.33
0.2.34
0.2.35
0.2.36rc1
0.2.36rc2
0.2.36
0.2.37
0.2.38
0.2.39
0.2.40
0.2.41
0.2.44
0.2.46
0.2.47
0.2.48
0.2.49
0.2.50
0.2.51
0.2.52
0.2.54
0.2.55
0.2.56
0.2.59
0.2.60
0.2.63
0.2.64
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.9rc1
0.3.9rc2
0.3.9rc3
0.3.9rc4
0.3.9
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18rc0
0.3.18rc1
0.3.18rc2
0.3.18
0.3.19
0.3.20rc0
0.3.20rc1
0.3.20
0.3.22
0.3.23rc0
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27
0.3.28
0.3.29
0.3.30
0.4.0
0.4.1
0.4.2rc1
0.4.2rc2
0.4.2
0.4.3
0.4.4
0.4.5rc0
0.4.5rc1
0.4.5
0.5.0rc0
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/composio-core/PYSEC-2026-1266.yaml"