CVE-2026-41512
Remote Code Execution in ai-scanner via JavaScript Injection

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.
Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: 0din-ai
Product: ai-scanner
Version / Range: from 1.0.0 (inclusive) to 1.4.1 (exclusive)
CWE
CWE-94 (Improper Control of Generation of Code, 'Code Injection'): The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-41512 is a critical remote code execution vulnerability in the BrowserAutomation::PlaywrightService component of the ai-scanner project, affecting versions 1.0.0 through 1.4.0.

The flaw occurs because user-controlled input, specifically URLs and CSS selectors, is interpolated into Node.js scripts built as Ruby heredoc strings without escaping.

Attackers can exploit this by injecting malicious JavaScript code through single quotes in URLs, bypassing validation checks and executing arbitrary commands with the privileges of the Rails application container.

The vulnerability is exploitable via the POST /targets/auto_detect_selectors endpoint, accessible to any authenticated tenant member due to weak authorization controls.


How can this vulnerability impact me?

Successful exploitation of this vulnerability allows attackers to execute arbitrary code with the application's privileges.

  • Read sensitive environment variables, including secrets like SECRET_KEY_BASE and POSTGRES_PASSWORD.
  • Decrypt tenant data and forge authentication tokens.
  • Access the database and potentially compromise neighboring containers on the Docker network.

Overall, this can lead to full system compromise, data breaches, and unauthorized access to sensitive information.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability can be detected by monitoring for exploitation attempts targeting the POST /targets/auto_detect_selectors endpoint, which is accessible to authenticated tenant members.

Detection can focus on unusual or malicious JavaScript injection attempts in URLs or CSS selectors submitted to this endpoint, as these inputs are improperly escaped and lead to remote code execution.

Specific commands are not provided in the available resources, but network or application logs should be inspected for suspicious POST requests to /targets/auto_detect_selectors containing single quotes or JavaScript code.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade ai-scanner to version 1.4.1 or later, where this vulnerability has been patched.

Additionally, restrict access to the POST /targets/auto_detect_selectors endpoint to trusted users only, and implement stronger authorization controls to prevent unauthorized exploitation.

Monitoring and logging suspicious activity targeting this endpoint can also help in early detection and response.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows remote code execution through JavaScript injection, enabling attackers to access sensitive environment variables, decrypt tenant data, forge authentication tokens, and access databases. This exposure of sensitive data and unauthorized access could lead to violations of data protection regulations such as GDPR and HIPAA, which mandate strict controls over personal and sensitive information.

Because attackers can compromise tenant data and secrets, organizations using affected versions of ai-scanner may fail to maintain confidentiality, integrity, and availability of protected data, thereby risking non-compliance with these common standards and regulations.

