CVE-2026-4500: Injection in bagofwords1 bagofwords
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used. Upgrading to version 0.0.298 will fix this issue. The name of the patch is 47b20bcda31264635faff7f6b1c8095abe1861c6. It is recommended to upgrade the affected component.
AI Analysis
Technical Summary
CVE-2026-4500 identifies an injection vulnerability in bagofwords1 bagofwords, affecting versions up to 0.0.297. The issue resides in the generate_df function within the backend/app/ai/code_execution/code_execution.py file. Injection vulnerabilities typically occur when untrusted input is improperly handled, allowing attackers to inject malicious code or commands that the application executes. In this case, the vulnerability can be exploited remotely without requiring authentication or user interaction, increasing the attack surface. The CVSS 4.0 vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and low impact on the confidentiality, integrity, and availability of the vulnerable system (VC:L, VI:L, VA:L), with no impact on subsequent systems (SC:N, SI:N). Although no known exploits are currently active in the wild, a public exploit is available, which could facilitate attacks. The vendor has addressed the issue in version 0.0.298, with a patch identified by commit 47b20bcda31264635faff7f6b1c8095abe1861c6. The vulnerability is relevant to environments using bagofwords1 for AI code execution or data frame generation, where injection could lead to unauthorized code execution or data manipulation.
Potential Impact
The injection vulnerability in bagofwords1 bagofwords can lead to unauthorized code execution or manipulation of data frames, potentially compromising the confidentiality, integrity, and availability of affected systems. Since the attack can be launched remotely without user interaction or high privileges, it increases the risk of automated exploitation and widespread impact. Organizations relying on this component in AI workflows or code execution pipelines may face data breaches, corrupted outputs, or service disruptions. Although the impact on confidentiality, integrity, and availability is rated low (VC:L, VI:L, VA:L), the ease of remote exploitation and the public availability of an exploit elevate the risk. If exploited in critical environments, such as AI-driven decision-making systems or data processing pipelines, the consequences could include incorrect data analysis, unauthorized access to sensitive information, or denial of service. The lack of known active exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may leverage the public exploit code to develop attacks.
Mitigation Recommendations
To mitigate CVE-2026-4500, organizations should immediately upgrade bagofwords1 bagofwords to version 0.0.298 or later, which contains the official patch fixing the injection vulnerability. Additionally, review and harden input validation and sanitization in the generate_df function and related code execution components to prevent injection of malicious data. Implement network-level protections such as firewalls and intrusion detection systems to monitor and block suspicious remote requests targeting the vulnerable endpoint. Restrict access to the affected service to trusted networks or authenticated users where possible, even though the vulnerability does not require authentication, to reduce exposure. Conduct code audits and penetration testing focused on injection vectors in AI code execution modules. Maintain up-to-date threat intelligence to detect any emerging exploits in the wild. Finally, ensure logging and monitoring are in place to detect anomalous behavior indicative of exploitation attempts.
Affected Countries
United States, Germany, United Kingdom, Canada, France, Japan, South Korea, Australia, Netherlands, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-03-20T12:38:08.859Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bda5ede32a4fbe5fc68a62
Added to database: 3/20/2026, 7:54:21 PM
Last enriched: 3/20/2026, 8:08:49 PM
Last updated: 3/20/2026, 10:43:42 PM