Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
No data.
Project Subscriptions
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 11 May 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Command Injection in GPT‑Pilot Executor Enables Remote Code Execution | |
| Weaknesses | CWE-78 |
Mon, 11 May 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper validation. The user-supplied input is directly passed to asyncio.create_subprocess_shell() for execution. This allows an attacker to replace the intended command with arbitrary shell commands, leading to remote code execution with the privileges of the GPT-Pilot process. | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-11T15:25:25.768Z
Reserved: 2026-03-09T00:00:00.000Z
Link: CVE-2026-31246
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-11T16:17:29.623
Modified: 2026-05-11T16:17:29.623
Link: CVE-2026-31246
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-11T16:45:15Z