OS Command Injection Vulnerability in ScrapeGraphAI Product by ScrapeGraphAI
CVE-2026-5532

5.3MEDIUM

Key Information:

Vendor: Scrapegraphai
Status: Scrapegraph-ai
Vendor: CVE Published:; 5 April 2026

🔔 Create Scrapegraphai Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-5532?

A vulnerability in ScrapeGraphAI's scrapegraph-ai component, specifically in the create_sandbox_and_execute function of generate_code_node.py, allows for OS command injection. This vulnerability can be exploited remotely, posing significant security risks. The vendor was notified of this issue but did not provide a response. Users of the affected version (1.74.0) should take immediate action to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

scrapegraph-ai 1.0

scrapegraph-ai 1.1

scrapegraph-ai 1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-5532 - Proof of Concept

References

https://vuldb.com/vuln/355285

vdb-entrytechnical-description

https://vuldb.com/vuln/355285/cti

signaturepermissions-required

https://vuldb.com/submit/782169

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 5, 2026
👾
Exploit known to exist
Apr 5, 2026
Vulnerability published
Apr 5, 2026
Vulnerability Reserved
Apr 4, 2026

Credit

Yu Bao (VulDB User)

VulDB CNA Team

JSON

Scrapegraphai