Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-41512 -- CVSS 9.9 Vulnerability Briefing

CVE-2026-41512 | CVSS 9.9 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-41512 is a critical remote code execution vulnerability in Mozilla's 0Din Scanner (ai-scanner), an AI model safety scanning tool built on NVIDIA garak, caused by JavaScript injection in the BrowserAutomation component.

Technical Detail

The flaw exists in the BrowserAutomation functionality of ai-scanner versions 1.0.0 through 1.4.0, where unsanitized user-controlled input is passed into a JavaScript execution context, enabling injection of arbitrary code. An attacker who can interact with the scanner's browser automation interface can craft a malicious payload that triggers execution of arbitrary JavaScript, which is then processed in a privileged context on the host system. Successful exploitation results in full remote code execution, potentially allowing an attacker to compromise the underlying host, exfiltrate data, or pivot within the environment where the scanner is deployed.

Exploitation Status

No known exploit exists for this vulnerability at this time. It is not listed in CISA's Known Exploited Vulnerabilities catalog. While the CVSS score of 9.9 reflects the severity of potential impact, there is currently no public proof-of-concept code or confirmed exploitation activity observed in the wild.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability. Given that the affected product is an AI safety scanning tool likely deployed in research, enterprise AI development, and security operations environments, those contexts represent the logical exposure surface if exploitation activity emerges.

What To Do

Organizations running ai-scanner should upgrade immediately to version 1.4.1 or later, which contains the fix for this vulnerability. Given the critical CVSS score of 9.9 and the RCE impact, patching should be treated as high priority regardless of the current absence of known exploits. If immediate patching is not possible, restrict network access to the BrowserAutomation interface and ensure the scanner is not exposed to untrusted input sources or public-facing networks. Security teams should audit deployment configurations to confirm the scanner is not running with elevated or unnecessary system privileges, which would limit the blast radius of any exploitation attempt.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →