CVE-2026-41512
ai-scanner (built on NVIDIA garak) contains a remote code execution vulnerability in versions 1.0.0 up to before 1.4.1, caused by JavaScript injection in BrowserAutomation::PlaywrightService. A patch is available in v1.4.1. CVSSv3.1 metrics in the entry indicate a CRITICAL base score (9.9) with n...