CVE-2026-5631
Published: 06 April 2026
Summary
CVE-2026-5631 is a high-severity Injection (CWE-74) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as APIs and Models.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates code injection by requiring validation and sanitization of the manipulated 'args' argument in the ws Endpoint's extract_command_data function.
Ensures timely identification, testing, and installation of fixes for known flaws like this unpatched code injection vulnerability in gpt-researcher up to 3.4.3.
Provides boundary protection for the remote WebSocket endpoint to monitor and filter malicious network traffic attempting args manipulation for code injection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote code injection in public-facing ws endpoint enables T1190 exploitation for initial access and arbitrary Python code execution via T1059.006.
NVD Description
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed…
more
from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-5631 is a code injection vulnerability in the open-source project assafelovic/gpt-researcher, affecting versions up to 3.4.3. The issue resides in the extract_command_data function within the file backend/server/server_utils.py, specifically in the ws Endpoint component. By manipulating the args argument, an attacker can inject arbitrary code remotely. The vulnerability is rated with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is associated with CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-94 (Improper Control of Generation of Code).
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, enabling code injection that could lead to further compromise depending on the execution context.
References indicate the vulnerability was reported to the project via GitHub issue #1694, but the maintainers have not yet responded or released a patch. The exploit has been publicly disclosed and may be actively used, as noted in VulDB entries. No specific mitigations or workarounds are detailed in the available advisories.
Notably, gpt-researcher is an AI-powered research tool leveraging large language models, making this vulnerability relevant to AI/ML deployments where WebSocket endpoints may expose backend services. There is no confirmed evidence of widespread real-world exploitation at the time of publication on 2026-04-06.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: gpt