{"data":{"id":"ae60c0c1-38b8-4ee1-ba9b-7a7bb570c94f","title":"CVE-2026-44246: nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nn","summary":"nnU-Net (a framework for automatically analyzing and segmenting images) had a vulnerability in its GitHub workflow where untrusted user input from issue titles and descriptions were sent directly to an AI agent without proper filtering. This allowed attackers to trick the AI agent into performing unintended actions like commenting on or relabeling issues, since the workflow ran automatically whenever someone opened an issue.","solution":"This vulnerability is fixed in version 2.4.1.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44246","publishedAt":"2026-05-12T21:16:16.543Z","cveId":"CVE-2026-44246","cweIds":null,"cvssScore":"7.2","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude","nnU-Net"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T21:16:16.543Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}