PYSEC-2026-347

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/guardrails-ai/PYSEC-2026-347.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-347
Aliases
Published
2026-06-29T11:50:50.458991Z
Modified
2026-07-01T20:22:54.068049Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism
Details

Guardrails AI through 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The script path is constructed from untrusted manifest data and executed without proper validation or sanitization, allowing remote code execution. An attacker who can publish malicious packages to the Hub can inject arbitrary code that will be executed on any system where a victim installs the malicious package.
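
As an added illustration (not Guardrails AI code and not part of the advisory), the sketch below shows the kind of validation the description says is missing: the post_install value is treated as untrusted and must resolve to a script inside the installed package directory before anything is run. The manifest shape, the function and class names, the ".py" suffix rule and the sample paths are assumptions made for this example.

```python
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".py"}  # assumption: post-install hooks are Python files


class UnsafePostInstall(ValueError):
    """Raised when a manifest's post_install value must not be executed."""


def resolve_post_install(package_root, manifest):
    """Return the vetted script path, or None if the manifest names no script."""
    raw = manifest.get("post_install")  # untrusted: comes from the Hub manifest
    if raw is None or raw == "":
        return None
    if not isinstance(raw, str) or "\x00" in raw:
        raise UnsafePostInstall("post_install must be a plain string")
    root = Path(package_root).resolve()
    if Path(raw).is_absolute():
        raise UnsafePostInstall("absolute path in post_install")
    resolved = (root / raw).resolve()  # collapses ".." and symlinks
    if not resolved.is_relative_to(root):  # Python 3.9+
        raise UnsafePostInstall("post_install escapes the package directory")
    if resolved.suffix not in ALLOWED_SUFFIXES or not resolved.is_file():
        raise UnsafePostInstall("post_install is not a script file in the package")
    return resolved


def demo():
    """Run the check over constructed manifest values; returns {value: outcome}."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "validator_pkg"  # constructed sample package
        root.mkdir()
        (root / "post_install.py").write_text("print('setup')\n")
        (Path(tmp) / "outside.py").write_text("print('outside')\n")
        for value in ["post_install.py", "../outside.py", "/opt/other/setup.py", "missing.py"]:
            try:
                resolve_post_install(root, {"post_install": value})
                outcomes[value] = "accepted"
            except UnsafePostInstall as exc:
                outcomes[value] = f"rejected: {exc}"
    return outcomes


if __name__ == "__main__":
    for value, outcome in demo().items():
        print(f"{value!r}: {outcome}")
```

Path containment only limits which file can be named; a script shipped inside the package is still publisher-controlled code, so it should run only for packages whose source has been reviewed or pinned.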

References

Affected packages

PyPI / guardrails-ai

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.6.7

Affected versions

0.*
0.1.0rc1
0.1.0rc2
0.1.0rc3
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0a1
0.2.0a2
0.2.0a3
0.2.0a4
0.2.0a5
0.2.0a6
0.2.0
0.2.1a0
0.2.1
0.2.2
0.2.3a1
0.2.3
0.2.4a1
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.5.0a0
0.5.0a1
0.5.0a2
0.5.0a3
0.5.0a4
0.5.0a5
0.5.0a6
0.5.0a7
0.5.0a8
0.5.0a9
0.5.0a10
0.5.0a11
0.5.0a12
0.5.0a13
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.5.10
0.5.11
0.5.12
0.5.13
0.5.14
0.5.15
0.6.0a1
0.6.0a2
0.6.0a3
0.6.0a4
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/guardrails-ai/PYSEC-2026-347.yaml"