9.8
CVE-2026-31233: Guardrails AI through 0.6.7 allows remote code execution via Hub package installation
CVE-2026-31233
GHSA-r6hf-g5x6-7pv9
Summary
Guardrails AI has a security flaw in its package installation process. An attacker can publish malicious packages, which can then be installed by a victim and execute arbitrary code on their system. To protect yourself, update to a version of Guardrails AI that is not vulnerable, or avoid installing packages from untrusted sources.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | guardrails-ai | <= 0.6.7 |
Original title
Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism
Original description
Guardrails AI through 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via `guardrails hub install`, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the `post_install` field. The script path is constructed from untrusted manifest data and executed without proper validation or sanitization, allowing remote code execution. An attacker who can publish malicious packages to the Hub can inject arbitrary code that will be executed on any system where a victim installs the malicious package.
Vulnerability type
CWE-94
Code Injection
Published: 12 May 2026 · Updated: 30 May 2026 · First seen: 13 May 2026
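Added example (not Guardrails AI code and not from the advisory): a sketch of the validation the description says is missing, treating the manifest's post_install value as untrusted and refusing any script path that does not resolve to a Python file inside the installed package directory. The names `resolve_post_install`, `UnsafePostInstall` and `demo`, the dict-shaped manifest, and the sample values are assumptions made for illustration.

```python
import tempfile
from pathlib import Path, PurePosixPath
from typing import Optional

class UnsafePostInstall(ValueError):
    """Raised when a manifest's post_install value must not be executed."""

def resolve_post_install(manifest: dict, package_dir: Path) -> Optional[Path]:
    """Return a vetted script path, or None if the manifest declares no script."""
    value = manifest.get("post_install")  # untrusted: comes from the remote manifest
    if value is None:
        return None
    if not isinstance(value, str) or not value or "\x00" in value:
        raise UnsafePostInstall("post_install must be a non-empty string")
    rel = PurePosixPath(value.replace("\\", "/"))
    # Reject absolute paths, parent references and drive/scheme prefixes up front.
    if rel.is_absolute() or ".." in rel.parts or ":" in value:
        raise UnsafePostInstall(f"path leaves the package: {value!r}")
    if rel.suffix != ".py":
        raise UnsafePostInstall(f"not a Python script: {value!r}")
    root = package_dir.resolve(strict=True)
    candidate = (root / rel).resolve()  # resolve() follows symlinks before the check
    if not candidate.is_relative_to(root) or not candidate.is_file():
        raise UnsafePostInstall(f"no such file inside the package: {value!r}")
    return candidate

def demo() -> dict:
    """Check constructed manifests against a temporary package directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "validator_pkg"
        pkg.mkdir()
        (pkg / "post_install.py").write_text("# constructed placeholder\n")
        samples = {  # constructed manifests, not real Hub data
            "ok": {"post_install": "post_install.py"},
            "traversal": {"post_install": "../../outside.py"},
            "absolute": {"post_install": "/tmp/outside.py"},
            "not_python": {"post_install": "post_install.sh"},
            "none": {},
        }
        for name, manifest in samples.items():
            try:
                path = resolve_post_install(manifest, pkg)
                results[name] = "none" if path is None else path.name
            except UnsafePostInstall:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```

Path containment only limits which file can be selected; the script's contents still come from the package publisher, so this check complements, and does not replace, restricting installs to reviewed sources.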