CVE-2026-31246
Received Received - Intake
Command Injection in GPT-Pilot

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper validation. The user-supplied input is directly passed to asyncio.create_subprocess_shell() for execution. This allows an attacker to replace the intended command with arbitrary shell commands, leading to remote code execution with the privileges of the GPT-Pilot process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-31246
EUVD
EUVD-2026-29054
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pythagora-io gpt-pilot *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in GPT-Pilot is a command injection flaw found in the Executor.run() method. When the system asks the user to confirm or modify a command to be executed, it accepts free-text input without properly validating it. This user input is then directly passed to a shell execution function (asyncio.create_subprocess_shell()), allowing an attacker to inject and execute arbitrary shell commands.

This means an attacker can replace the intended command with malicious commands, leading to remote code execution with the same privileges as the GPT-Pilot process.

Impact Analysis

This vulnerability can have serious impacts because it allows an attacker to execute arbitrary commands on the system running GPT-Pilot. The attacker gains the same privileges as the GPT-Pilot process, which could lead to unauthorized access, data theft, system compromise, or further attacks within the network.

If exploited, it could result in loss of control over the affected system, potential data corruption, or disruption of services.

Detection Guidance

This vulnerability involves command injection through the Executor.run() method in GPT-Pilot, where user input is executed without proper validation. Detection would involve monitoring for unusual or unexpected shell commands executed by the GPT-Pilot process.

You can check running processes related to GPT-Pilot and look for suspicious subprocesses or shell commands. For example, on a Unix-like system, you might use commands such as:

  • ps aux | grep gpt-pilot
  • lsof -p <PID_of_gpt-pilot> to see open files and subprocesses
  • auditd or similar auditing tools to monitor calls to asyncio.create_subprocess_shell or shell command executions by the GPT-Pilot process

Additionally, reviewing logs for unexpected commands or behavior triggered by user input in GPT-Pilot can help detect exploitation attempts.

Mitigation Strategies

To mitigate this command injection vulnerability in GPT-Pilot, immediate steps include:

  • Avoid running GPT-Pilot in environments where untrusted users can provide input to the Executor.run() method.
  • Restrict or sandbox the GPT-Pilot process to limit the impact of potential arbitrary command execution.
  • If possible, disable or restrict the feature that prompts users to confirm or modify commands before execution.
  • Monitor and audit GPT-Pilot usage closely for suspicious activity.

Since the project is no longer actively maintained, consider migrating to alternative tools or solutions recommended by the community or the maintainers.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31246. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart