Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/04/07 10:51 a.m.2 views

CVE-2026-5631

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

7.5CVSS5.5AI score0.00067EPSS
Exploits0References1
Snyk
Snykadded 2026/04/06 8:11 a.m.2 views

Arbitrary Code Injection

Overview gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task Affected versions of this package are vulnerable to Arbitrary Code Injection in the extractcommanddata function of the /ws endpoint. An attacker can execute arbitrary code by...

7.5CVSS6.3AI score0.00067EPSS
Exploits0References2
NVD
NVDadded 2026/04/06 7:16 a.m.0 views

CVE-2026-5631

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

7.5CVSS0.00067EPSS
Exploits0References5
CVE
CVEadded 2026/04/06 6:30 a.m.3 views

CVE-2026-5631

The CVE-2026-5631 entry affects assafelovic gpt-researcher up to version 3.4.3. The vulnerability resides in the function extract_command_data in backend/server/server_utils.py of the ws Endpoint, where manipulation of the args parameter enables code injection. This can be exploited remotely; the...

7.5CVSS6.7AI score0.00067EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/06 6:30 a.m.30 views

CVE-2026-5631 assafelovic gpt-researcher ws Endpoint server_utils.py extract_command_data code injection

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

7.5CVSS0.00067EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/06 6:30 a.m.1 views

CVE-2026-5631

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

7.5CVSS6.7AI score0.00067EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/06 12:0 a.m.2 views

PT-2026-30570

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract command data of the file backend/server/server utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote...

7.5CVSS6.7AI score0.00067EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/04/06 12:0 a.m.2 views

GPT Researcher 代码注入漏洞

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability. This vulnerability stems from improper handling of the args parameter in the extractcommanddata function in the...

7.5CVSS7.2AI score0.00067EPSS
Exploits0References5
Rows per page
Query Builder