Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-7191

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

8.6CVSS6.2AI score0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/27 8:8 p.m.5 views

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

8.6CVSS6.1AI score0.00433EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 8:8 p.m.6 views

EUVD-2026-25921

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

8.6CVSS6.1AI score0.00433EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 8:8 p.m.10 views

CVE-2026-7191

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

8.6CVSS6.1AI score0.00433EPSS
Exploits0References3
CVE
CVE
added 2026/04/27 8:8 p.m.22 views

CVE-2026-7191

The CVE-2026-7191 entry concerns the open source solution qnabot-on-aws (versions ≤ 7.2.4). A misuse of the static-eval npm package allows an authenticated administrator to bypass the expression sandbox via a crafted conditional chaining expression in the Content Designer interface, enabling Java...

8.6CVSS6.1AI score0.00433EPSS
Exploits0References2
OSV
OSV
added 2026/04/27 8:8 p.m.3 views

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

8.6CVSS6.4AI score0.00433EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/27 8:8 p.m.38 views

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

8.6CVSS0.00433EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.12 views

aws-solutions QnABot on AWS 代码注入漏洞

aws-solutions QnABot on AWS is a multilingual chatbot developed by the aws-solutions company. Versions of aws-solutions QnABot on AWS prior to version 7.2.4 contained a code injection vulnerability. This vulnerability stemmed from improper use of static evaluated npm packages. It could allow...

8.6CVSS6.1AI score0.00433EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.8 views

PT-2026-35526

Name of the Vulnerable Software and Affected Versions qnabot-on-aws versions prior to 7.3.0 Description Improper use of the static-eval npm package allows an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context. This is achieved by injecting a...

8.6CVSS6AI score0.00433EPSS
Exploits0References7
Rows per page
Query Builder