What is CVE-2026-5532?

CVE-2026-5532 is a medium-severity vulnerability in Scrapegraphai Scrapegraph-ai, classified under Command Injection. CVSS score: 6.3/10. Published 2026-04-05.

How severe is CVE-2026-5532?

Medium severity. CVSS v3 base score is 6.3 out of 10.

RCE in Scrapegraphai Scrapegraph-ai

CVE-2026-5532

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (41.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L.

Affected products

Scrapegraphai Scrapegraph-ai — versions 1.0, 1.1, 1.2

Weakness classification (CWE)

References

VDB-355285 | ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection (technical-description, vdb-entry)
VDB-355285 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #782169 | ScrapeGraphAI scrapegraph-ai 1.74.0 Remote Code Execution (RCE) (third-party-advisory)
cna@vuldb.com (issue-tracking, exploit)

Frequently asked questions

What is CVE-2026-5532?: CVE-2026-5532 is a medium-severity vulnerability in Scrapegraphai Scrapegraph-ai, classified under Command Injection. CVSS score: 6.3/10. Published 2026-04-05.
How severe is CVE-2026-5532?: Medium severity. CVSS v3 base score is 6.3 out of 10.