CVE-2026-0763
Deserialization RCE in GPT Academic run_in_subprocess_wrapper_func
Publication date: 2026-01-23
Last updated on: 2026-02-18
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| binary-husky | gpt_academic | 3.91 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the run_in_subprocess_wrapper_func function of GPT Academic. It occurs because the function improperly validates user-supplied data, leading to deserialization of untrusted data. This flaw allows remote attackers to execute arbitrary code with root privileges on affected systems without needing authentication. [1]
How can this vulnerability impact me? :
An attacker can remotely execute arbitrary code with root privileges on your system running GPT Academic. This can compromise the confidentiality, integrity, and availability of your system, potentially leading to full system takeover without requiring any authentication or user interaction. [1]