CVE 9.8 CRITICAL

CVE-2026-31231_CVE-2026-31231

May 15, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.

AI Analysis

Remote code execution vulnerability in Cognee's notebook cell execution API endpoint

Basic Information

ID CVE-2026-31231

Source mitre

Published May 12, 2026 at 00:00

Modified May 15, 2026 at 18:05

Affected Product

Vendor Topoteretes

Product Cognee

Version v0.4.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-94

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Topoteretes

Product Cognee

Version v0.4.0

References

{
    "lastseen": "",
    "description": "Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.",
    "published": "2026-05-12T00:00:00.000Z",
    "modified": "2026-05-15T18:05:30.352Z",
    "type": "cve",
    "title": "CVE-2026-31231",
    "source": "mitre",
    "references": "https://github.com/topoteretes/cognee\nhttps://www.notion.so/CVE-2026-31231-35d1e13931888178a963ef9efeb29113",
    "id": "CVE-2026-31231",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cognee",
    "version": "v0.4.0",
    "vendor": "Topoteretes",
    "ai_description": "Remote code execution vulnerability in Cognee's notebook cell execution API endpoint",
    "ai_severity": "Critical",
    "ai_vendor": "Topoteretes",
    "ai_product": "Cognee",
    "ai_version": "v0.4.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply