{"data":{"id":"d43ba692-5fdb-4979-af5a-42109b0b3c58","title":"CVE-2026-31246: GPT-Pilot through commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability","summary":"GPT-Pilot has a command injection vulnerability (CWE-78, a type of security flaw where attackers insert malicious commands into a program) in its Executor.run() method that allows attackers to execute arbitrary shell commands. When GPT-Pilot asks the user to confirm or modify a command before running it, the user's input is passed to the shell execution function without proper validation, letting an attacker replace the intended command with malicious code and run it with GPT-Pilot's privileges.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31246","publishedAt":"2026-05-11T16:17:29.623Z","cveId":"CVE-2026-31246","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GPT-Pilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-11T16:17:29.623Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}