CVE-2026-41512

NVIDIA · garak

A remote code execution vulnerability exists in the NVIDIA garak AI scanner via JavaScript injection within the BrowserAutomation::PlaywrightService component.

Executive summary

A critical remote code execution vulnerability in NVIDIA garak allows unauthenticated attackers to execute arbitrary code via JavaScript injection.

Vulnerability

The vulnerability exists in the BrowserAutomation::PlaywrightService component, which improperly handles input, allowing for JavaScript injection. This flaw can be triggered remotely without authentication, leading to full system compromise.

Business impact

With a CVSS score of 9.9, this vulnerability represents an extreme risk to any environment deploying the garak AI scanner. Successful exploitation grants an attacker the ability to execute arbitrary code with the privileges of the garak service, leading to full system compromise, exfiltration of sensitive AI model data, or lateral movement within the network.

Remediation

Immediate Action: Update the NVIDIA garak installation to version 1.4.1 or later immediately.

Proactive Monitoring: Monitor system logs for unusual process execution, unauthorized network connections originating from the scanner, or unexpected JavaScript execution errors in the Playwright service.

Compensating Controls: Deploy a Web Application Firewall (WAF) or equivalent inspection tool to filter malicious payloads targeting browser automation services. Restrict network access to the scanner to authorized internal subnets only.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

Due to the remote code execution nature of this vulnerability and its near-maximum CVSS score, immediate patching is mandatory. Organizations must ensure that any instance of garak is updated to version 1.4.1 to eliminate the injection vector.