CVE-2026-33139
Validation Bypass in PySpector Plugin System Enables Command Execution
Publication date: 2026-03-20
Last updated on: 2026-03-24
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| parzivalhack | pyspector | to 0.1.7 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-184 | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33139 is a high-severity vulnerability in PySpector versions 0.1.6 and earlier, involving a security validation bypass in its plugin system.

The vulnerability arises because the function validate_plugin_code() uses static AST (Abstract Syntax Tree) analysis to block dangerous API calls before trusting and executing a plugin, but its internal helper resolve_name() only processes certain AST node types (ast.Name and ast.Attribute) and returns None for others.

Attackers exploit this by using indirect function calls via getattr() (e.g., getattr(os, 'system')), which results in an AST node type that resolve_name() does not handle, causing the security check to be silently bypassed.

As a result, malicious plugins can pass the trust workflow incorrectly and execute arbitrary system commands on the user's machine when loaded. [1]
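The following is an added illustration, not PySpector's own code: a constructed, simplified validator that reproduces the fail-open pattern described above (a resolver that returns None for unhandled node types, so the blocklist check is skipped), next to a fail-closed variant that rejects unresolvable callees and reflective helpers. The blocklist, function names and sample plugin sources are all assumptions made for this example.

```python
import ast

# Constructed blocklist for the example; PySpector's real list is not shown on this page.
BLOCKED = {"os.system", "subprocess.Popen", "subprocess.run", "eval", "exec"}
# Reflective helpers that can reach a blocked API without naming it directly.
INDIRECTION = {"getattr", "__import__", "eval", "exec", "compile", "globals", "vars"}


def resolve_name(node):
    """Flatten ast.Name / ast.Attribute chains to 'a.b.c'; None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = resolve_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None  # ast.Call, ast.Subscript, ... fall through unhandled (CWE-184)


def validate_incomplete(src):
    """Fail-open validator: a callee that resolves to None is silently ignored."""
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Call) and resolve_name(node.func) in BLOCKED:
            return False
    return True


def validate_fail_closed(src):
    """Hardened variant: reject blocked names, reflective helpers, and any call
    whose callee cannot be resolved statically."""
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        name = resolve_name(node.func)
        if name is None:  # e.g. getattr(os, 'system')(...): the callee is itself an ast.Call
            return False
        if name in BLOCKED or name in INDIRECTION:
            return False
    return True


# Constructed sample plugin sources (the command invoked is a harmless no-op).
DIRECT = "import os\nos.system('true')\n"
INDIRECT = "import os\ngetattr(os, 'system')('true')\n"
BENIGN = "def analyze(tree):\n    return len(tree.body)\n"

if __name__ == "__main__":
    for label, src in (("direct", DIRECT), ("indirect", INDIRECT), ("benign", BENIGN)):
        print(label, validate_incomplete(src), validate_fail_closed(src))
```

Running it shows the incomplete validator accepting the getattr()-based plugin while rejecting the direct call, and the fail-closed validator rejecting both while still accepting the benign plugin.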
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to execute arbitrary system commands on the affected machine with the privileges of the user running PySpector.
The attacker can gain full read/write access to the local filesystem, exfiltrate sensitive data such as API keys and credentials, establish persistence mechanisms, and potentially move laterally within CI/CD environments where PySpector runs with elevated privileges.
Exploitation requires the attacker to deliver a malicious plugin and convince the user to explicitly trust and install it, which is a deliberate multi-step process limiting the attack surface.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your system is running PySpector version 0.1.6 or earlier and if any third-party plugins have been installed and trusted using the command `pyspector plugin install --trust`.
Since the vulnerability involves a bypass in the static AST validation of plugins, detection involves checking for the presence of plugins that use indirect function calls via `getattr()` to execute system commands.
You can check the installed PySpector version with the command:
- `pyspector --version`
To list installed plugins and verify if any untrusted or suspicious plugins are present, you can use:
- `pyspector plugin list`
To audit plugin code for indirect calls using `getattr()`, you would need to manually inspect the plugin source files for uses of `getattr` or other indirect function calls (such as `__import__`) that the static validation does not resolve.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade PySpector to version 0.1.7 or later, where this vulnerability has been patched.
Additionally, avoid installing and trusting third-party plugins from untrusted sources, especially those outside the official repository.
If you have already installed plugins using `pyspector plugin install --trust`, review and remove any suspicious or unverified plugins.
Limit the execution of PySpector to trusted environments and users to reduce the risk of malicious plugin installation.